Internet-Draft System-defined Configuration May 2024
Ma, et al. Expires 2 December 2024 [Page]
Workgroup:
NETMOD
Internet-Draft:
draft-ietf-netmod-system-config-06
Updates:
8342, 6241, 8526, 8040 (if approved)
Published:
Intended Status:
Standards Track
Expires:
Authors:
Q. Ma, Ed.
Huawei
Q. Wu
Huawei
C. Feng

System-defined Configuration

Abstract

This document defines how a management client and server handle YANG-modeled configuration data that is instantiated by the server itself. The system-defined configuration can be referenced (e.g., leafref) by configuration explicitly created by a client.

The Network Management Datastore Architecture (NMDA) defined in RFC 8342 is updated with a read-only conventional configuration datastore called "system" to expose system-defined configuration.

This document updates RFC 8342, RFC 6241, RFC 8526 and RFC 8040.

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on 2 December 2024.

Table of Contents

1. Introduction

The Network Management Datastore Architecture (NMDA) [RFC8342] defines system configuration as the configuration that is supplied by the device itself and appears in <operational> when it is in use (Figure 2 in [RFC8342]).

However, there is a desire to enable a server to better structure and expose the system configuration. NETCONF/RESTCONF clients can benefit from a standard mechanism to retrieve what system configuration is available on a server.

Some servers allow clients to reference a system-defined node which is not present in the datastore. The absence of the system configuration in the datastore can render the datastore invalid from the perspective of a client or offline tools (e.g., missing leafref targets). This document describes several approaches to bring the datastore to a valid state and satisfy referential integrity constraints.

Some servers allow the descendant nodes of system-defined configuration to be configured or modified. For example, the system configuration may contain an almost empty physical interface, while the client needs to be able to add, modify, or remove a number of descendant nodes. Some descendant nodes may not be modifiable (e.g., the interface "type" set by the system).

This document updates the Network Management Datastore Architecture (NMDA) defined in [RFC8342] with a read-only conventional configuration datastore called "system" to expose system-defined configuration.

As an alternative to clients explicitly copying referenced system-defined configuration so that the datastore is valid, a "resolve-system" parameter is defined to allow the server to copy referenced system nodes automatically. This solution enables clients to reference nodes defined in <system>, override system-provided values, and configure descendant nodes of system-defined configuration.

If a system-defined node is referenced, it refers to one of the following cases throughout this document:

Conformance to this document requires the NMDA servers to implement the "ietf-system-datastore" YANG module (Section 8).

1.1. Terminology

This document assumes that the reader is familiar with the contents of [RFC6241], [RFC7950], [RFC8342], [RFC8407], and [RFC8525] and uses terminologies from those documents.

The following terms are defined in this document:

System configuration:

Configuration that is provided by the system itself. System configuration is present in the system configuration datastore (regardless of whether it is applied or referenced). It is a different and separate concept from factory default configuration defined in [RFC8808] (which represents a preset initial configuration that is used to initialize the configuration of a server).

System configuration datastore:
A configuration datastore holding configuration provided by the system itself. This datastore is referred to as "<system>".

This document redefines the term "conventional configuration datastore" in Section 3 of [RFC8342] to add "system" to the list of conventional configuration datastores:

Conventional configuration datastore:

One of the following set of configuration datastores: <running>, <startup>, <candidate>, <system>, and <intended>. These datastores share a common datastore schema, and protocol operations allow copying data between these datastores. The term "conventional" is chosen as a generic umbrella term for these datastores.

1.2. Requirements Language

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.

1.3. Updates to RFC 8342

This document updates RFC 8342 to define a configuration datastore called "system" to hold system configuration (Section 3), it also redefines the term "conventional configuration datastore" from [RFC8342] to add "system" to the list of conventional configuration datastores.

Configuration in <running> is merged with <system> to create the contents of <intended> after the configuration transformations to <running> (e.g., template expansion, removal of inactive configuration defined in [RFC8342]) have been performed (Section 5.1).

The definition of "intended" origin metadata annotation identity is also updated (Section 5.1.1).

1.4. Updates to RFC 6241 and RFC 8526

This document updates RFC 6241 to augment the NETCONF <edit-config>, <copy-config>, <validate>, and <commit> operations with an additional input parameter named "resolve-system", as specified in Section 5.3.

This document also updates RFC 8526 to augment the NETCONF <edit-data> operation with the "resolve-system" parameter, as specified in Section 5.3.

1.5. Updates to RFC 8040

This document extends sections 4.8 and 9.1.1 in [RFC8040] to add a new query parameter "resolve-system" and corresponding query parameter capability URI (Section 5.3.2).

2. Kinds of System Configuration

This document defines two types of system configuration: configuration that is generated in <system> immediately when the device boots and configuration that is generated in <system> only when specific conditions being met on a device, they are described in Section 2.1 and Section 2.2, respectively.

2.1. Immediately-Present

Immediately-present refers to system configuration which is generated in <system> when the device is powered on, irrespective of physical resource present or not, a special functionality enabled or not. An example of immediately-present system configuration is an always-existing loopback interface.

2.2. Conditionally-Present

Conditionally-present refers to system configuration which is generated in <system> based on specific conditions being met in a system. For example, if a physical resource is present (e.g., an interface card is inserted), the system automatically detects it and loads associated configuration; when the physical resource is not present (an interface card is removed), the system configuration will be automatically cleared. Another example is when a special functionality is enabled, e.g., when a license or feature is enabled, specific configuration may be created by the system.

3. The System Configuration Datastore (<system>)

Following guidelines for defining datastores in the Appendix A of [RFC8342], this document introduces a new datastore resource named "system" that represents the system configuration. NMDA servers compliant with this document MUST implement a system configuration datastore, and they SHOULD also implement <intended>.

The system configuration datastore doesn't persist across reboots.

4. Static Characteristics of <system>

4.1. Read-only to Clients

The system datastore is read-only (i.e., edits towards <system> directly MUST be denied), though the client may be allowed to override the value of a system-initialized node (see Section 5.4).

4.2. May Change via Software Upgrades or Resource Changes

The contents of <system> MAY change dynamically under various conditions, such as license change, software upgrade, and system-controlled resources change (see Section 2.2). The updates of system configuration may be obtained through YANG notifications (e.g., on-change notification) [RFC6470][RFC8639][RFC8641].

Generally speaking, any update of <system> should not cause the automatic update of <running> to not surprise clients with unexpected changes. In particular, the behavior of system data migration during software upgrade is outside the scope of this document. That said, here are some examples of how a server might handle this scenario ensuring <running> remains accurate:

4.3. No Impact to <operational>

This work intends to have no impact to <operational> and does not define any new origin identity beyond Section 5.3.4 of [RFC8342]. The existence of <system> enables a subset of those system generated nodes to be defined like configuration, i.e., made visible to clients in order for being referenced or configurable prior to present in <operational>. "config false" nodes are out of scope, hence existing "config false" nodes are not impacted by this work.

5. Dynamic Behaviors

5.1. Conceptual Model of Datastores

Clients MAY reference nodes defined in <system>, override system-provided values, and configure descendant nodes of system-defined configuration in <running>.

To ensure the validity of <intended>, configuration in <running> is merged with <system> to become <intended>, in which process, configuration appearing in <running> takes precedence over the same node in <system>. If <running> includes configuration that requires further transformation (e.g., template expansion, removal of inactive configuration defined in [RFC8342]) before it can be applied, configuration transformations MUST be performed before <running> is merged with <system>.

Whenever configuration in <system> changes, the server MUST also immediately update and validate <intended>.

As a result, Figure 2 in Section 5 of [RFC8342] is updated with the below conceptual model of datastores which incorporates the system configuration datastore.

               +-------------+                 +-----------+
               | <candidate> |                 | <startup> |
               |  (ct, rw)   |<---+      +---->| (ct, rw)  |
               +-------------+    |      |     +-----------+
                      |           |      |           |
+-----------+         |        +-----------+         |
| <system>  |         +------->| <running> |<--------+
| (ct, ro)  |                  | (ct, rw)  |
+-----------+                  +-----------+
     |                              | // configuration transformations,
     |                              | // e.g., removal of nodes marked
     |           // merge           | // as "inactive", expansion of
     +--------------+---------------+ // templates
                    |
                    |
                    v
              +------------+
              | <intended> |  // subject to validation
              | (ct, ro)   |
              +------------+
                     |       // changes applied, subject to
                     |       // local factors, e.g., missing
                     |       // resources, delays
 dynamic             |
 configuration       |   +-------- learned configuration
 datastores -----+   |   +-------- default configuration
                 |   |   |
                 v   v   v
             +---------------+
             | <operational> | <-- system state
             | (ct + cf, ro) |
             +---------------+

ct = config true; cf = config false
rw = read-write; ro = read-only
boxes denote named datastores
Figure 1: Architectural Model of Datastores

Configuration in <system> is non-deletable to clients, even though a client may delete a copied system node from <running>. If system initializes a value for a particular leaf which is overridden by the client with a different value in <running>, the client may delete it in <running>, in which case system-initialized value defined in <system> may still be in use and appear in <operational>.

5.1.1. Origin Metadata Annotation

This document does not define any new origin identity when <system> interacts with <intended> and flows into <operational>.

The "intended" identity of origin value defined in [RFC8342] to represent the origin of configuration provided by <intended>, this document updates its definition as origin source of configuration explicitly provided by <running>, and allows a subset of configuration in <intended> that flows from <system> yet is not configured or overridden explicitly in <running> to use "system" as its origin value.

Configuration copied from <system> into <running> has its origin value reported as "intended" when it flows into <operational>.

5.2. Explicit Declaration of System Configuration

It is possible for a client to explicitly declare system configuration nodes with the same values as in <system>, by configuring a node (list/leaf-list entry, leaf, etc.) in the target datastore (e.g., <candidate> and <running>) that matches the same node and value in <system>.

The explicit declaration of system-defined nodes can be useful, for example, when the client does not support the "resolve-system" parameter but needs the datastore to be referentially complete. The client can explicitly copy the list entries (with at least the keys) that are referenced elsewhere in the datastore. The client does not necessarily need to declare all the contents of the list entry (i.e. the descendant nodes), only the parts that are required to make the datastore appear valid.

5.3. Servers Auto-configuring Referenced System Configuration ("resolve-system" parameter)

This document defines a new parameter "resolve-system" to the input for some of the NETCONF and RESTCONF operations. Clients that are aware of the "resolve-system" parameter MAY use this parameter to avoid the requirement to provide a referentially complete configuration.

The "resolve-system" parameter is optional and has no value. If it is present, and the server supports this capability, the server MUST copy referenced system nodes into the target datastore (e.g., <candidate> and <running>) where it is missing from without the client doing the copy/paste explicitly, to resolve any references not resolved by the client. If any child node of the copied configuration has its value being set by the system that is not the schema default value, it MUST also be copied into the target datastore (Section 6). The copy operation MUST NOT overwrite any explicit configuration in <running>. The server copies the referenced system-defined nodes only when triggered by the "resolve-system" parameter. Legacy clients don't see any changes in the server behaviors.

The server may automatically configure the list entries (with at least the keys) that are referenced elsewhere by the clients. Similarly, not all the contents of the list entry (i.e., the descendant nodes) are necessarily copied by the server - only the parts that are required to make configuration valid.

There is no distinction between the configuration automatically configured by the server and the one explicitly declared by the client, e.g., a read back of the datastore (e.g., NETCONF <get>/<get-config>/<get-data> operation, or RESTCONF GET method) returns automatically configured nodes.

Note that even though an auto-configured node is allowed to be deleted from the target datastore by the client, the system may automatically recreate the deleted node to make configuration valid, when a "resolve-system" parameter is carried. It is also possible that the operation request (e.g., <edit-config>) may not succeed due to incomplete referential integrity.

Support for the "resolve-system" parameter is OPTIONAL. Servers not supporting NMDA [RFC8342] MAY also implement this parameter without implementing the system configuration datastore, which would only eliminate the ability to retrieve the system configuration via protocol operations. If a server implements <system>, referenced system configuration is copied from <system> into the target datastore when the "resolve-system" parameter is used; otherwise it is an implementation decision where to copy referenced system configuration.

5.3.1. NETCONF Support for "resolve-system" Parameter

This document defines a NETCONF protocol capability to indicate support for this parameter. NETCONF server that supports "resolve-system" parameter MUST advertise the following capability identifier:

urn:ietf:params:netconf:capability:resolve-system:1.0

5.3.2. RESTCONF Support for "resolve-system" Parameter

5.3.2.1. Query Parameter

The "resolve-system" parameter may be present in the request URI of some RESTCONF operations as shown in Figure 2. This parameter is only allowed with no values carried. If this parameter has any unexpected value, then a "400 Bad Request" status-line is returned.

+----------------+---------+-----------------------------------------+
| Name           | Methods | Description                             |
+----------------+---------+-----------------------------------------+
|resolve-system  | POST,   | resolve any references not resolved by  |
|                | PUT     | the client and copy referenced          |
|                | PATCH   | system configuration into <running>     |
|                |         | automatically. This parameter can be    |
|                |         | given in any order.                     |
+----------------+---------+-----------------------------------------+
Figure 2: RESTCONF "resolve-system" Query Parameter
5.3.2.1.1. Query Parameter URI

To enable a RESTCONF client to discover if the "resolve-system" query parameter is supported by the server, the following capability URI is defined, which is advertised by the server if supported, using the "ietf-restconf-monitoring" module defined in [RFC8040]:

urn:ietf:params:restconf:capability:resolve-system:1.0

5.4. Modifying (Overriding) System Configuration

In some cases, a server may allow some parts of system configuration to be modified. Modification of system configuration is achieved by the client writing configuration to <running> that overrides the system configuration. Configurations defined in <running> take precedence over system configuration nodes in <system> if the server allows the nodes to be modified.

For instance, descendant nodes in a system-defined list entry may be modifiable or not, even if some system configuration has been copied into <running> earlier. If a system node is non-modifiable, then writing a different value for that node MUST return an error during a <edit-config>, <validate> or <commit> operation, depending on the target datastore. The immutability of system configuration is defined in [I-D.ietf-netmod-immutable-flag].

5.5. Examples

This section presents some sample data models and corresponding contents of various datastores with different dynamical behaviors above. The XML snippets are used only for examples.

5.5.1. Server Configuring of <running> Automatically

In this subsection, the following fictional module is used:

module example-application {
  yang-version 1.1;
  namespace "urn:example:application";
  prefix "app";

  import ietf-inet-types {
    prefix "inet";
  }
  container applications {
    list application {
      key "name";
      leaf name {
        type string;
      }
      leaf protocol {
        type enumeration {
          enum tcp;
          enum udp;
        }
      }
      leaf destination-port {
        type inet:port-number;
      }
    }
  }
}

The server may predefine some applications as a convenience for clients. The system-instantiated application entries may be present in <system> as follows:

<applications xmlns="urn:example:application">
  <application>
    <name>ftp</name>
    <protocol>tcp</protocol>
    <destination-port>21</destination-port>
  </application>
  <application>
    <name>tftp</name>
    <protocol>udp</protocol>
    <destination-port>69</destination-port>
  </application>
  <application>
    <name>smtp</name>
    <protocol>tcp</protocol>
    <destination-port>25</destination-port>
  </application>
</applications>

The client may also define its customized applications. Suppose the configuration of applications is present in <running> as follows:

<applications xmlns="urn:example:application">
  <application>
    <name>my-app-1</name>
    <protocol>tcp</protocol>
    <destination-port>2345</destination-port>
  </application>
  <application>
    <name>my-app-2</name>
    <protocol>udp</protocol>
    <destination-port>69</destination-port>
  </application>
</applications>

A fictional ACL YANG module is used as follows, which defines a leafref for the leaf-list "application" data node to refer to an existing application name.

module example-acl {
  yang-version 1.1;
  namespace "urn:example:acl";
  prefix "acl";

  import example-application {
    prefix "app";
  }

  import ietf-inet-types {
    prefix "inet";
  }

  container acl {
    list acl-rule {
      key "name";
      leaf name {
        type string;
      }
      container matches {
        choice l3 {
          container ipv4 {
            leaf src-address {
              type inet:ipv4-prefix;
            }
            leaf dst-address {
              type inet:ipv4-prefix;
            }
          }
        }
        choice applications {
          leaf-list application {
            type leafref {
            path "/app:applications/app:application/app:name";
            }
          }
        }
      }
      leaf packet-action {
        type enumeration {
          enum forward;
          enum drop;
          enum redirect;
        }
      }
    }
  }
}

If a client configures an ACL rule referencing system provided applications which are not present in <running>, the client may issue an <edit-config> operation with the parameter "resolve-system" to the NETCONF server as follows:

<rpc message-id="101"
     xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <acl xmlns="urn:example:acl">
        <acl-rule>
          <name>allow-access-to-ftp-tftp</name>
          <matches>
            <ipv4>
              <src-address>198.51.100.0/24</src-address>
              <dst-address>192.0.2.0/24</dst-address>
            </ipv4>
            <application>ftp</application>
            <application>tftp</application>
            <application>my-app-1</application>
          </matches>
          <packet-action>forward</packet-action>
        </acl-rule>
      </acl>
    </config>
    <resolve-system/>
  </edit-config>
</rpc>

The following gives the configuration of applications in <running> which is returned in the response to a follow-up retrieval operation:

<applications xmlns="urn:example:application">
  <application>
    <name>my-app-1</name>
    <protocol>tcp</protocol>
    <destination-port>2345</destination-port>
  </application>
  <application>
    <name>my-app-2</name>
    <protocol>udp</protocol>
    <destination-port>69</destination-port>
  </application>
  <application>
    <name>ftp</name>
  </application>
  <application>
    <name>tftp</name>
  </application>
</applications>

And the configuration of applications is present in <operational> as follows:

<applications xmlns="urn:example:application"
              xmlns:or="urn:ietf:params:xml:ns:yang:ietf-origin"
              or:origin="or:intended">
  <application>
    <name>my-app-1</name>
    <protocol>tcp</protocol>
    <destination-port>2345</destination-port>
  </application>
  <application>
    <name>my-app-2</name>
    <protocol>udp</protocol>
    <destination-port>69</destination-port>
  </application>
  <application>
    <name>ftp</name>
    <protocol or:origin="or:system">tcp</protocol>
    <destination-port or:origin="or:system">21</destination-port>
  </application>
  <application>
    <name>tftp</name>
    <protocol or:origin="or:system">udp</protocol>
    <destination-port or:origin="or:system">69</destination-port>
  </application>
</applications>

Since the configuration of application "smtp" is not referenced by the client, some implementation may consider it not to be "in use", hence it is omitted from <operational> but only present in <system>.

5.5.2. Declaring a System-defined Node in <running> Explicitly

It's also possible for a client to explicitly declare the system-defined configurations that are referenced instead of using the "resolve-system" parameter. For instance, in the above example, the client MAY also explicitly configure the following system defined applications "ftp" and "tftp" only with the list key "name":

<applications xmlns="urn:example:application">
  <application>
    <name>ftp</name>
  </application>
  <application>
    <name>tftp</name>
  </application>
</applications>

And the configuration of ACL rules referencing application "ftp" and "tftp" are as follows:

<acl xmlns="urn:example:acl">
  <acl-rule>
    <name>allow-access-to-ftp-tftp</name>
    <matches>
      <ipv4>
        <src-address>198.51.100.0/24</src-address>
        <dst-address>192.0.2.0/24</dst-address>
      </ipv4>
      <application>ftp</application>
      <application>tftp</application>
      <application>my-app-1</application>
    </matches>
    <packet-action>forward</packet-action>
  </acl-rule>
</acl>

Once the data is written to <running>, it makes no difference whether it is explicitly declared by the client or automatically copied by the server. The configuration for applications in <running> and <operational> would be identical to the ones in Section 5.5.1.

5.5.3. Modifying a System-instantiated Leaf's Value

This subsection uses the following fictional interface YANG module:

module example-interface {
  yang-version 1.1;
  namespace "urn:example:interface";
  prefix "exif";

  import ietf-inet-types {
    prefix "inet";
  }

  container interfaces {
    list interface {
      key name;
      leaf name {
        type string;
      }
      leaf description {
        type string;
      }
      leaf mtu {
        type uint32;
      }
      leaf-list ip-address {
        type inet:ip-address;
      }
    }
  }
}

Suppose the system provides a loopback interface (named "lo0") with a MTU value "65536", a default IPv4 address of "127.0.0.1", and a default IPv6 address of "::1". The configuration of "lo0" interface is present in <system> as follows:

<interfaces xmlns="urn:example:interface">
  <interface>
    <name>lo0</name>
    <mtu>65536</mtu>
    <ip-address>127.0.0.1</ip-address>
    <ip-address>::1</ip-address>
  </interface>
</interfaces>

A client modifies the value of MTU to 9216 and adds the following configuration into <running>:

<interfaces xmlns="urn:example:interface">
  <interface>
    <name>lo0</name>
    <mtu>9216</mtu>
  </interface>
</interfaces>

Then the configuration of interfaces is present in <operational> as follows:

<interfaces xmlns="urn:example:interface"
            xmlns:or="urn:ietf:params:xml:ns:yang:ietf-origin"
            or:origin="or:intended">
  <interface>
    <name>lo0</name>
    <mtu>65535</mtu>
    <ip-address or:origin="or:system">127.0.0.1</ip-address>
    <ip-address or:origin="or:system">::1</ip-address>
  </interface>
</interfaces>

5.5.4. Configuring Descendant Nodes of a System-defined Node

In the above example, image the client further configures the description node of a "lo0" interface in <running> as follows:

<interfaces xmlns="urn:example:interface">
  <interface>
    <name>lo0</name>
    <description>loopback</description>
  </interface>
</interfaces>

The configuration of interface "lo0" is present in <operational> as follows:

<interfaces xmlns="urn:example:interface"
            xmlns:or="urn:ietf:params:xml:ns:yang:ietf-origin"
            or:origin="or:intended">
  <interface>
    <name>lo0</name>
    <description>loopback</description>
    <mtu>65535</mtu>
    <ip-address or:origin="or:system">127.0.0.1</ip-address>
    <ip-address or:origin="or:system">::1</ip-address>
  </interface>
</interfaces>

6. Default Interactions

<system> should not contain the configuration using the schema default value, either specified in the "default" statement or described in the "description" statement.

Any value provided by the system that is not the schema default value MUST be contained in <system>. If system provides a value that is not the schema default value, and the node is not explicitly set by the client, it MUST be copied into the target datastore when its closest ancestor node needs to be copied to satisfy referential integrity constraints.

7. Relation to Other Datastores

7.1. The "factory-default" Datastore

Any deletable system-provided configuration that is populated as part of <running> by the system at boot up, without being part of the contents of a <startup> datastore, must be defined in <factory-default> [RFC8808], which is used to initialize <running> when the device is first-time powered on or reset to its factory default condition.

The <factory-reset> RPC operation can reset <system> to its factory default contents.

7.2. The "candidate" Datastore

If the device supports the :candidate or :private-candidate [I-D.ietf-netconf-privcand] capability, a client may edit the candidate or private-candidate datastore without expecting it to be valid until a <commit> or <validate> operation takes place. The client may use the "resolve-system" parameter in one of the following situations:

In particular, [I-D.ietf-netconf-privcand] defines the concept of conflict, the server's copy referenced system nodes triggered by "resolve-system" parameter might conflict with the contents of <running>, the conflict resolution is no different than the resolution of conflict caused by configuration explicitly provided by the client.

8. The "ietf-system-datastore" Module

8.1. Data Model Overview

This YANG module defines a new YANG identity named "system" that uses the "ds:datastore" identity defined in [RFC8342]. A client can discover the system configuration datastore support on the server by reading the YANG library information from the operational state datastore.

The system datastore is defined as a conventional configuration datastore and shares a common datastore schema with other conventional datastores.

The following diagram illustrates the relationship amongst the "identity" statements defined in the "ietf-system-datastore" and "ietf-datastores" YANG modules:

Identities:
    +--- datastore
    |  +--- conventional
    |  |  +--- running
    |  |  +--- candidate
    |  |  +--- startup
    |  |  +--- system
    |  |  +--- intended
    |  +--- dynamic
    |  +--- operational

The diagram above uses syntax that is similar to but not defined in [RFC8340].

8.2. Example Usage

This section gives an example of data retrieval from <system>. The fictional YANG module used following are from Appendix C.2 of [RFC8342].

container bgp {
  leaf local-as {
    type uint32;
  }
  leaf peer-as {
    type uint32;
  }
  list peer {
    key name;
    leaf name {
      type inet:ip-address;
    }
    leaf local-as {
      type uint32;
      description
        "... Defaults to ../local-as.";
    }
    leaf peer-as {
      type uint32;
      description
        "... Defaults to ../peer-as.";
    }
    leaf local-port {
      type inet:port;
    }
    leaf remote-port {
      type inet:port;
      default 179;
    }
    leaf state {
      config false;
      type enumeration {
        enum init;
        enum established;
        enum closing;
      }
    }
  }
}

All the messages are presented in a protocol-independent manner. JSON is used to not imply a preferred encoding in this document.

Suppose the following BGP peer configuration is added to <running>:

{
    "bgp": {
        "local-as": "64501",
        "peer-as": "64502",
        "peer": {
            "name": "2001:db8::2:3",
            "local-as": "64501",
            "peer-as": "64502"
        }
    }
}

The local port and remote port are used when the BGP peer connection is established. Since both are not supplied explicitly in <running> and <intended>, the default value for "bgp/peer/remote-port" is used, and there is no default statement for "bgp/peer/local-port", the system will select a value for it. So the contents of <system> are shown as follows:

{
    "bgp": {
        "peer": {
            "name": "2001:db8::2:3",
            "local-port": "60794"
        }
    }
}

8.3. YANG Module

<CODE BEGINS> file "ietf-system-datastore@2024-05-31.yang"

module ietf-system-datastore {
  yang-version 1.1;
  namespace "urn:ietf:params:xml:ns:yang:ietf-system-datastore";
  prefix sysds;

  import ietf-datastores {
    prefix ds;
    reference
      "RFC 8342: Network Management Datastore Architecture(NMDA)";
  }

  organization
    "IETF NETDOD (Network Modeling) Working Group";
  contact
    "WG Web:   https://datatracker.ietf.org/wg/netmod/
     WG List:  NETMOD WG list <mailto:netmod@ietf.org>

     Author: Qiufang Ma
             <mailto:maqiufang1@huawei.com>
     Author: Qin Wu
             <mailto:bill.wu@huawei.com>
     Author: Chong Feng
             <mailto:fengchongllly@gmail.com>";
  description
    "This module defines a new YANG identity that uses the
     ds:datastore identity defined in [RFC8342].

     Copyright (c) 2024 IETF Trust and the persons identified
     as authors of the code. All rights reserved.

     Redistribution and use in source and binary forms, with
     or without modification, is permitted pursuant to, and
     subject to the license terms contained in, the Revised
     BSD License set forth in Section 4.c of the IETF Trust's
     Legal Provisions Relating to IETF Documents
     (https://trustee.ietf.org/license-info).

     This version of this YANG module is part of RFC XXXX
     (https://www.rfc-editor.org/info/rfcXXXX); see the RFC
     itself for full legal notices.

     The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL',
     'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED',
     'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document
     are to be interpreted as described in BCP 14 (RFC 2119)
     (RFC 8174) when, and only when, they appear in all
     capitals, as shown here.";

  revision 2024-05-31 {
    description
      "Initial version.";
    reference
      "RFC XXXX: System-defined Configuration";
  }

  identity system {
    base ds:conventional;
    description
      "This read-only datastore contains the configuration
       provided by the system itself.";
  }
}

<CODE ENDS>

9. The "ietf-netconf-resolve-system" Module

This YANG module is optional to implement.

9.1. Data Model Overview

The following tree diagram [RFC8340] illustrates the "ietf-netconf-resolve-system" module:

module: ietf-netconf-resolve-system
  augment /nc:edit-config/nc:input:
    +---w resolve-system?   empty
  augment /nc:copy-config/nc:input:
    +---w resolve-system?   empty
  augment /nc:validate/nc:input:
    +---w resolve-system?   empty
  augment /nc:commit/nc:input:
    +---w resolve-system?   empty
  augment /ncds:edit-data/ncds:input:
    +---w resolve-system?   empty

9.2. Example Usage

Please refer to Section 5.5.1 for example usage of the "resolve-system" parameter.

9.3. YANG Module

This module imports modules "ietf-netconf" and "ietf-netconf-nmda", defined in [RFC6241] and [RFC8526], respectively.

<CODE BEGINS> file "ietf-netconf-resolve-system@2024-05-31.yang"

module ietf-netconf-resolve-system {
  yang-version 1.1;
  namespace
    "urn:ietf:params:xml:ns:yang:ietf-netconf-resolve-system";
  prefix ncrs;

  import ietf-netconf {
    prefix nc;
    reference
      "RFC 6241: Network Configuration Protocol (NETCONF)";
  }
  import ietf-netconf-nmda {
    prefix ncds;
    reference
      "RFC 8526: NETCONF Extensions to Support the Network
       Management Datastore Architecture";
  }

  organization
    "IETF NETMOD (Network Modeling) Working Group";
  contact
    "WG Web:   <https://datatracker.ietf.org/wg/netmod/>
     WG List:  <mailto:netmod@ietf.org>

     Author: Qiufang Ma
             <mailto:maqiufang1@huawei.com>
     Author: Qin Wu
             <mailto:bill.wu@huawei.com>
     Author: Chong Feng
             <mailto:fengchongllly@gmail.com>";
  description
    "This module defines an extension to the NETCONF protocol
     that allows the NETCONF client to control whether the server
     is allowed to copy referenced system configuration
     automatically without the client doing so explicitly.

      Copyright (c) 2024 IETF Trust and the persons identified
      as authors of the code. All rights reserved.

      Redistribution and use in source and binary forms, with
      or without modification, is permitted pursuant to, and
      subject to the license terms contained in, the Revised
      BSD License set forth in Section 4.c of the IETF Trust's
      Legal Provisions Relating to IETF Documents
      (https://trustee.ietf.org/license-info).

      This version of this YANG module is part of RFC XXXX
      (https://www.rfc-editor.org/info/rfcXXXX); see the RFC
      itself for full legal notices.

      The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL',
      'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED',
      'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document
      are to be interpreted as described in BCP 14 (RFC 2119)
      (RFC 8174) when, and only when, they appear in all
      capitals, as shown here.";

  revision 2024-05-31 {
    description
      "Initial version.";
    reference
      "RFC XXXX: System-defined Configuration";
  }

  grouping resolve-system-grouping {
    description
      "Define the resolve-system parameter grouping.";
    leaf resolve-system {
      type empty;
      description
        "When present, the server MUST copy referenced system
         configuration into the target configuration datastore
         where it is missing from without the client doing the
         copy/paste explicitly.";
    }
  }

  augment "/nc:edit-config/nc:input" {
    description
      "Adds the 'resolve-system' parameter to the input of the
       NETCONF <edit-config> operation.";
    uses resolve-system-grouping;
  }

  augment "/nc:copy-config/nc:input" {
    description
      "Adds the 'resolve-system' parameter to the input of the
       NETCONF <copy-config> operation.";
    uses resolve-system-grouping;
  }
  augment "/nc:validate/nc:input" {
    description
      "Adds the 'resolve-system' parameter to the input of the
       NETCONF <validate> operation.";
    uses resolve-system-grouping;
  }
  augment "/nc:commit/nc:input" {
    description
      "Adds the 'resolve-system' parameter to the input of the
       NETCONF <commit> operation.";
    uses resolve-system-grouping;
  }
  augment "/ncds:edit-data/ncds:input" {
    description
      "Adds the 'resolve-system' parameter to the input of the
       NETCONF <edit-data> operation.";
    uses resolve-system-grouping;
  }
}

<CODE ENDS>

10. IANA Considerations

10.1. The "IETF XML" Registry

This document registers two XML namespace URNs in the 'IETF XML registry', following the format defined in [RFC3688].

   URI: urn:ietf:params:xml:ns:yang:ietf-system-datastore
   Registrant Contact: The IESG.
   XML: N/A, the requested URIs are XML namespaces.

   URI: urn:ietf:params:xml:ns:yang:ietf-netconf-resolve-system
   Registrant Contact: The IESG.
   XML: N/A, the requested URIs are XML namespaces.

10.2. The "YANG Module Names" Registry

This document registers two module names in the 'YANG Module Names' registry, defined in [RFC6020].

      name: ietf-system-datastore
      prefix: sys
      namespace: urn:ietf:params:xml:ns:yang:ietf-system-datatstore
      maintained by IANA: N
      RFC: XXXX // RFC Ed.: replace XXXX and remove this comment


      name: ietf-netconf-resolve-system
      prefix: ncrs
      namespace: urn:ietf:params:xml:ns:yang:ietf-netconf-resolve-system
      maintained by IANA: N
      RFC: XXXX // RFC Ed.: replace XXXX and remove this comment

10.3. NETCONF Capability URN Registry

This document registers the following capability identifier URN in the 'Network Configuration Protocol (NETCONF) Capability URNs' registry:

urn:ietf:params:netconf:capability:resolve-system:1.0

10.4. RESTCONF Capability URN Registry

This document registers a capability in the 'RESTCONF Capability URNs' registry [RFC8040]:

Index            Capability Identifier
-----------------------------------------------------------------------
:resolve-system  urn:ietf:params:restconf:capability:resolve-system:1.0

11. Security Considerations

11.1. Regarding the "ietf-system-datastore" YANG Module

The YANG module defined in this document extends the base operations for NETCONF [RFC6241] and RESTCONF [RFC8040]. The lowest NETCONF layer is the secure transport layer, and the mandatory-to-implement secure transport is Secure Shell (SSH) [RFC6242]. The lowest RESTCONF layer is HTTPS, and the mandatory-to-implement secure transport is TLS [RFC8446].

The Network Configuration Access Control Model (NACM) [RFC8341] provides the means to restrict access for particular NETCONF users to a preconfigured subset of all available NETCONF protocol operations and content.

11.2. Regarding the "ietf-netconf-resolve-system" YANG Module

The YANG module defined in this document extends the base operations for NETCONF [RFC6241] and [RFC8526]. The lowest NETCONF layer is the secure transport layer, and the mandatory-to-implement secure transport is Secure Shell (SSH) [RFC6242]. The lowest RESTCONF layer is HTTPS, and the mandatory-to-implement secure transport is TLS [RFC8446].

The Network Configuration Access Control Model (NACM) [RFC8341] provides the means to restrict access for particular NETCONF users to a preconfigured subset of all available NETCONF protocol operations and content.

The security considerations for the base NETCONF protocol operations (see Section 9 of [RFC6241] apply to the new extended RPC operations defined in this document. There is not any beyond the potential performance impacts of implementing the "resolve-system" parameter, which may mean employing some form of rate limiting or adapting the rate threshold might be a good idea to avoid DoS attacks.

12. References

12.1. Normative References

[RFC2119]
Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, , <https://www.rfc-editor.org/info/rfc2119>.
[RFC6241]
Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed., and A. Bierman, Ed., "Network Configuration Protocol (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, , <https://www.rfc-editor.org/info/rfc6241>.
[RFC6470]
Bierman, A., "Network Configuration Protocol (NETCONF) Base Notifications", RFC 6470, DOI 10.17487/RFC6470, , <https://www.rfc-editor.org/info/rfc6470>.
[RFC7950]
Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language", RFC 7950, DOI 10.17487/RFC7950, , <https://www.rfc-editor.org/info/rfc7950>.
[RFC8040]
Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF Protocol", RFC 8040, DOI 10.17487/RFC8040, , <https://www.rfc-editor.org/info/rfc8040>.
[RFC8341]
Bierman, A. and M. Bjorklund, "Network Configuration Access Control Model", STD 91, RFC 8341, DOI 10.17487/RFC8341, , <https://www.rfc-editor.org/info/rfc8341>.
[RFC8342]
Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K., and R. Wilton, "Network Management Datastore Architecture (NMDA)", RFC 8342, DOI 10.17487/RFC8342, , <https://www.rfc-editor.org/info/rfc8342>.
[RFC8526]
Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K., and R. Wilton, "NETCONF Extensions to Support the Network Management Datastore Architecture", RFC 8526, DOI 10.17487/RFC8526, , <https://www.rfc-editor.org/info/rfc8526>.
[RFC8639]
Voit, E., Clemm, A., Gonzalez Prieto, A., Nilsen-Nygaard, E., and A. Tripathy, "Subscription to YANG Notifications", RFC 8639, DOI 10.17487/RFC8639, , <https://www.rfc-editor.org/info/rfc8639>.
[RFC8641]
Clemm, A. and E. Voit, "Subscription to YANG Notifications for Datastore Updates", RFC 8641, DOI 10.17487/RFC8641, , <https://www.rfc-editor.org/info/rfc8641>.

12.2. Informative References

[I-D.ietf-netconf-privcand]
Cumming, J. and R. Wills, "NETCONF Private Candidates", Work in Progress, Internet-Draft, draft-ietf-netconf-privcand-03, , <https://datatracker.ietf.org/doc/html/draft-ietf-netconf-privcand-03>.
[I-D.ietf-netmod-immutable-flag]
Ma, Q., Wu, Q., Lengyel, B., and H. Li, "YANG Metadata Annotation for Immutable Flag", Work in Progress, Internet-Draft, draft-ietf-netmod-immutable-flag-00, , <https://datatracker.ietf.org/doc/html/draft-ietf-netmod-immutable-flag-00>.
[RFC3688]
Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, DOI 10.17487/RFC3688, , <https://www.rfc-editor.org/info/rfc3688>.
[RFC6020]
Bjorklund, M., Ed., "YANG - A Data Modeling Language for the Network Configuration Protocol (NETCONF)", RFC 6020, DOI 10.17487/RFC6020, , <https://www.rfc-editor.org/info/rfc6020>.
[RFC6242]
Wasserman, M., "Using the NETCONF Protocol over Secure Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, , <https://www.rfc-editor.org/info/rfc6242>.
[RFC7952]
Lhotka, L., "Defining and Using Metadata with YANG", RFC 7952, DOI 10.17487/RFC7952, , <https://www.rfc-editor.org/info/rfc7952>.
[RFC8174]
Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, , <https://www.rfc-editor.org/info/rfc8174>.
[RFC8340]
Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams", BCP 215, RFC 8340, DOI 10.17487/RFC8340, , <https://www.rfc-editor.org/info/rfc8340>.
[RFC8407]
Bierman, A., "Guidelines for Authors and Reviewers of Documents Containing YANG Data Models", BCP 216, RFC 8407, DOI 10.17487/RFC8407, , <https://www.rfc-editor.org/info/rfc8407>.
[RFC8446]
Rescorla, E., "The Transport Layer Security (TLS) Protocol Version 1.3", RFC 8446, DOI 10.17487/RFC8446, , <https://www.rfc-editor.org/info/rfc8446>.
[RFC8525]
Bierman, A., Bjorklund, M., Schoenwaelder, J., Watsen, K., and R. Wilton, "YANG Library", RFC 8525, DOI 10.17487/RFC8525, , <https://www.rfc-editor.org/info/rfc8525>.
[RFC8808]
Wu, Q., Lengyel, B., and Y. Niu, "A YANG Data Model for Factory Default Settings", RFC 8808, DOI 10.17487/RFC8808, , <https://www.rfc-editor.org/info/rfc8808>.

Appendix A. Key Use Cases

Following provides three use cases related to how <system> interacts with other datastores (e.g., <running>, <intended>, and <operational>). The simple interface data model defined in Appendix C.3 of [RFC8342] is used. For each use case, corresponding sample configuration in <running>, <system>, <intended> and <operational> are shown. The XML snippets are used only for illustration purposes.

A.1. Device Powers On

When the device is powered on, suppose the system provides a loopback interface (named "lo0") which is not explicitly configured in <running>. Thus, no configuration for interfaces appears in <running>;

And the contents of <system> are:

<interfaces>
  <interface>
    <name>lo0</name>
    <ip-address>127.0.0.1</ip-address>
    <ip-address>::1</ip-address>
  </interface>
</interfaces>

In this case, the configuration of loopback interface is only present in <system>, the exact configuration also shows up in <intended>. The contents of <intended> appear as follows:

<interfaces>
  <interface>
    <name>lo0</name>
    <ip-address>127.0.0.1</ip-address>
    <ip-address>::1</ip-address>
  </interface>
</interfaces>

And <operational> will show the system-provided loopback interface:

<interfaces xmlns:or="urn:ietf:params:xml:ns:yang:ietf-origin"
            or:origin="or:system">
  <interface>
    <name>lo0</name>
    <ip-address>127.0.0.1</ip-address>
    <ip-address>::1</ip-address>
  </interface>
</interfaces>

A.2. Client Commits Configuration

If a client creates an interface "et-0/0/0" but the interface does not physically exist at this point, what is in <running> appears as follows:

<interfaces>
  <interface>
    <name>et-0/0/0</name>
    <description>Test interface</description>
  </interface>
</interfaces>

And the contents of <system> keep unchanged since the interface is not physically present:

<interfaces>
  <interface>
    <name>lo0</name>
    <ip-address>127.0.0.1</ip-address>
    <ip-address>::1</ip-address>
  </interface>
</interfaces>

The contents of <intended> represent the merged data of <system> and <running>:

<interfaces>
  <interface>
    <name>lo0</name>
    <ip-address>127.0.0.1</ip-address>
    <ip-address>::1</ip-address>
  </interface>
  <interface>
    <name>et-0/0/0</name>
    <description>Test interface</description>
  </interface>
</interfaces>

Since the interface named "eth-0/0/0" does not exist, the associated configuration is not present in <operational>, which appears as follows:

<interfaces xmlns:or="urn:ietf:params:xml:ns:yang:ietf-origin"
            or:origin="or:intended">
  <interface or:origin="or:system">
    <name>lo0</name>
    <ip-address>127.0.0.1</ip-address>
    <ip-address>::1</ip-address>
  </interface>
</interfaces>

A.3. Operator Installs Card into a Chassis

When the interface is installed by the operator, the system will detect it and generate the associated configuration in <system>. The contents of <running> keep unchanged:

<interfaces>
  <interface>
    <name>et-0/0/0</name>
    <description>Test interface</description>
  </interface>
</interfaces>

And <system> might appear as follows:

<interfaces>
  <interface>
    <name>lo0</name>
    <ip-address>127.0.0.1</ip-address>
    <ip-address>::1</ip-address>
  </interface>
  <interface>
    <name>et-0/0/0</name>
    <mtu>1500</mtu>
  </interface>
</interfaces>

Then <intended> contains the merged configuration of <system> and <running>:

<interfaces>
  <interface>
    <name>lo0</name>
    <ip-address>127.0.0.1</ip-address>
    <ip-address>::1</ip-address>
  </interface>
  <interface>
    <name>et-0/0/0</name>
    <description>Test interface</description>
    <mtu>1500</mtu>
  </interface>
</interfaces>

And the contents of <operational> appear as follows:

<interfaces xmlns:or="urn:ietf:params:xml:ns:yang:ietf-origin"
            or:origin="or:intended">
  <interface or:origin="or:system">
    <name>lo0</name>
    <ip-address>127.0.0.1</ip-address>
    <ip-address>::1</ip-address>
  </interface>
  <interface>
    <name>et-0/0/0</name>
    <description>Test interface</description>
    <mtu or:origin="or:system">1500</mtu>
  </interface>
</interfaces>

Appendix B. Changes between Revisions

v05 - v06

v04 - v05

v03 - v04

v02 - v03

v01 - v02

v00 - v01

Acknowledgements

The authors would like to thank for following for discussions and providing input to this document: Balazs Lengyel, Robert Wilton, Juergen Schoenwaelder, Andy Bierman, Martin Bjorklund, Mohamed Boucadair, Alexander Clemm, and Timothy Carey.

Contributors

Kent Watsen
Watsen Networks
Email: kent+ietf@watsen.net

Jan Lindblad
Cisco Systems
Email: jlindbla@cisco.com

Chongfeng Xie
China Telecom
Beijing
China
Email: xiechf@chinatelecom.cn

Jason Sterne
Nokia
Email: jason.sterne@nokia.com

Authors' Addresses

Qiufang Ma (editor)
Huawei
101 Software Avenue, Yuhua District
Nanjing
Jiangsu, 210012
China
Qin Wu
Huawei
101 Software Avenue, Yuhua District
Nanjing
Jiangsu, 210012
China
Chong Feng