Network Working Group                                             X. Liu
Internet-Draft                                                     Jabil
Intended status: Standards Track                              I. Bryskin
Expires: September 9, 2017                           Huawei Technologies
                                                               V. Beeram
                                                        Juniper Networks
                                                                 T. Saad
                                                       Cisco Systems Inc
                                                                 H. Shah
                                                                   Ciena
                                                     O. Gonzalez de Dios
                                                              Telefonica
                                                           March 9, 2017


             A YANG Data Model for Configuration Scheduling
                   draft-liu-netmod-yang-schedule-03

Abstract

   This document describes a data model for configuration scheduling.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html

   This Internet-Draft will expire on September 9, 2017.

Liu, et al.             Expires September 9, 2017               [Page 1]

Internet-Draft      draft-liu-netmod-yang-schedule-03         March 2017

Copyright Notice

   Copyright (c) 2017 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.
Table of Contents

   1. Introduction
      1.1. Terminology
   2. Motivation
   3. Configuration Scheduling YANG Data Model Overview
   4. Usage Example
   5. Relations to Datastores
      5.1. Validation
      5.2. Schedules Expansion and Operational States
      5.3. Server Executions at Scheduled Moments
      5.4. Interactions with Locks
      5.5. Interactions with Authorization Mechanism
   6. Synchronization Aspects
   7. Configuration Scheduling YANG Module
   8. Security Considerations
   9. Contributors
   10. References
      10.1. Normative References
      10.2. Informative References

1. Introduction

   This document introduces a YANG [RFC6020] data model for
   configuration scheduling.  This model can be used together with other
   YANG data models to specify a schedule applied to a configuration
   data node, so that the configuration data takes effect according to
   the schedule.  Such a configuration schedule can be one-time or
   recurring, with its properties persistently saved in the datastores
   of the management system server.

   The mechanism described in this document is designed to complement
   the one described in [RFC7758], which defines a capability extension
   to NETCONF to allow time-triggered RPCs.
   Such RPCs can be executed at a future time moment, but they cannot be
   repeated and are not saved in the persistent datastores.

1.1. Terminology

   The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   BCP 14, [RFC2119].

   The following terms are defined in [RFC6020] and are not redefined
   here:

   o  augment

   o  data model

   o  data node

2. Motivation

   Some applications benefit from resource scheduling that allows
   operators to plan ahead of time.  Traffic engineering is one such
   example [RFC7399].  When configuration and state models are designed
   for such applications, it has been recognized that certain data
   objects need to be configured according to predefined schedules.  In
   other situations, operators need to de-configure certain data objects
   at predefined times, for purposes such as maintenance.  These data
   objects are interpreted and implemented by the applicable
   applications.

   Delay/Disruption Tolerant Networking (DTN) is another example in
   which scheduled configuration can be used: there, a long-lived,
   reliable, low-latency sequenced data delivery session is
   unsustainable.  Section 4.3 of [I-D.birrane-dtn-ama] describes the
   Autonomous Parameterized Control.  Time-based events are one of the
   two trigger types in such a system.

3. Configuration Scheduling YANG Data Model Overview

   This document defines a YANG data model that specifies configuration
   schedules for other YANG data models.  For each targeted
   configuration data object, or group of configuration data objects,
   an entry is specified, along with the requested schedules, using
   this configuration schedule model.
   The application implementing the targeted schema nodes implements the
   configuration schedules, configuring or de-configuring the specified
   objects according to the specified schedules.  The schema of the
   targeted application does not need to change, so the data model
   described in this document can be used with any data model.

   The configuration scheduling YANG data model has the following
   structure:

   module: ietf-schedule
      +--rw configuration-schedules
         +--rw target* [object]
            +--rw object                 yang:xpath1.0
            +--rw operation?             operation
            +--rw data-value?            anydata
            +--rw schedules
            |  +--rw schedule* [schedule-id]
            |     +--rw schedule-id            uint32
            |     +--rw inclusive-exclusive?   enumeration
            |     +--rw start?                 yang:date-and-time
            |     +--rw schedule-duration?     string
            |     +--rw repeat-interval?       string
            +--ro state
            |  +--ro future-executions
            |     +--ro execution* [start]
            |        +--ro start        yang:date-and-time
            |        +--ro duration?    string
            |        +--ro operation?   operation
            +---n execution
               +---- operation    operation
               +---- datetime?    yang:date-and-time
               +---- results?     anydata

4. Usage Example

   The following model defines a list of TE (Traffic Engineering) links
   which can be configured with specified schedules:

   module: example
      +--rw te-links
         +--rw te-link* [id]
            +--rw id         string
            +--rw enabled?   boolean

   The following configuration requests that

   o  link-1 is configured weekly for five one-day periods, starting
      from 2016-09-12T23:20:50.52Z.

   o  link-2 is de-configured for two hours, starting from
      2016-09-15T01:00:00.00Z.

   The XML element markup of this instance data was not preserved in
   this copy; the surviving values map onto the model as follows (one
   value carries no recoverable element name):

   target 1:
      object                 /ex:te-links
      operation              configure
      data-value             te-link { id link-1; enabled true }
      (unlabelled value)     01
      schedule-id            11
      start                  2016-09-12T23:20:50.52Z
      schedule-duration      P1D
      repeat-interval        R5/P1W

   target 2:
      object                 /ex:te-links
      operation              configure
      data-value             te-link { id link-2; enabled true }
      schedule-id            12
      inclusive-exclusive    exclusive
      start                  2016-09-15T01:00:00.00Z
      schedule-duration      PT2H

   The following configuration requests that

   o  link-1 is enabled weekly for five one-day periods, starting from
      2016-09-12T23:20:50.52Z.
   o  link-2 is not enabled for two hours, starting from
      2016-09-15T01:00:00.00Z.

   Again with the element markup not preserved, the values map onto the
   model as follows:

   target 1:
      object                 /ex:te-links/ex:te-link[ex:id='link-1']/ex:enabled
      operation              set
      data-value             true
      schedule-id            11
      start                  2016-09-12T23:20:50.52Z
      schedule-duration      P1D
      repeat-interval        R5/P1W

   target 2:
      object                 /ex:te-links/ex:te-link[ex:id='link-2']/ex:enabled
      operation              set
      data-value             true
      schedule-id            12
      inclusive-exclusive    exclusive
      start                  2016-09-15T01:00:00.00Z
      schedule-duration      PT2H

5. Relations to Datastores

   NETCONF defines configuration datastores and operations that can be
   used to access these datastores.  The configuration data encoded
   according to this data model is persistently saved in the proper
   datastores in the same way as the data of other models, such as
   ietf-interfaces.

5.1. Validation

   When configuration data based on this model is received, the server
   MUST perform syntax validation on the received data nodes and examine
   the requested schedules.  The server does not validate whether the
   requested target configuration data can be applied to the target
   configuration objects until the scheduled time arrives.

   At each scheduled time moment, the server applies the requested
   target configuration data to the target configuration objects.  At
   that point the server MUST validate the target configuration data
   together with the current target configuration objects in the proper
   datastore.

5.2. Schedules Expansion and Operational States

   The server SHOULD expand these schedules and expose the resulting
   executions to the client as operational state
   ('state/future-executions' in the tree above).

5.3. Server Executions at Scheduled Moments

   At each scheduled time moment, the server applies the requested
   target configuration data to the target configuration objects, as if
   an RPC request had just been received.  Whether such a
   time-triggered configuration is successfully applied depends on the
   configuration data of the target object and on the requested
   configuration data.  The results of such executions are sent to the
   client through notifications.
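   The syntax checks of Section 5.1, the expansion of Section 5.2 and
   the per-execution operation of Section 5.3, worked on the usage
   example of Section 4, as an added example that is not part of this
   draft or of any NETCONF implementation.  It assumes a duration
   pattern whose time part is optional (so that P1D matches), that an
   'exclusive' schedule runs the inverse of the target's operation for
   the given duration, and that R5 means five repetitions in total; the
   function names and the dict layout are this example's own.

```python
"""Added example, not part of draft-liu-netmod-yang-schedule-03 or of
any implementation: syntax checks on one 'target' entry and its
expansion into 'state/future-executions'.  Regexes follow the module's
'schedule-duration' / 'repeat-interval' patterns with the time part
made optional.  Function names and the dict layout are assumptions."""
import re
from datetime import datetime, timedelta, timezone

DURATION_RE = re.compile(
    r'^P(?:(\d+)Y)?(?:(\d+)M)?(?:(\d+)W)?(?:(\d+)D)?'
    r'(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?$')
REPEAT_RE = re.compile(r'^R(\d*)/(P\S+)$')

# Assumption: an 'exclusive' schedule applies the inverse of the target's
# operation for the duration ("link-2 is de-configured for two hours").
INVERSE = {'configure': 'deconfigure', 'deconfigure': 'configure',
           'set': 'reset', 'reset': 'set'}


def parse_duration(text):
    """ISO 8601 duration -> timedelta.  Year/month units are rejected:
    their length depends on the calendar, and a scheduler must not
    silently approximate them."""
    m = DURATION_RE.match(text)
    if not m or text in ('P', 'PT'):
        raise ValueError(f'invalid duration: {text!r}')
    years, months, weeks, days, hours, minutes, seconds = (
        int(g) if g else 0 for g in m.groups())
    if years or months:
        raise ValueError(f'calendar units not supported: {text!r}')
    return timedelta(weeks=weeks, days=days, hours=hours,
                     minutes=minutes, seconds=seconds)


def parse_start(text):
    """yang:date-and-time -> aware datetime normalised to UTC.  A value
    without a zone designator is rejected, following Section 6."""
    for fmt in ('%Y-%m-%dT%H:%M:%S.%f%z', '%Y-%m-%dT%H:%M:%S%z'):
        try:
            return datetime.strptime(text, fmt).astimezone(timezone.utc)
        except ValueError:
            continue
    raise ValueError(f'start is malformed or has no time zone: {text!r}')


def expand(target, limit=1000):
    """Expand every 'schedule' of one 'target' into 'future-executions'
    entries (start, duration, operation), sorted by start.  Unbounded
    repeats (R/...) are cut at 'limit'."""
    execs = []
    for sched in target['schedules']:
        start = parse_start(sched['start'])
        duration = parse_duration(sched['schedule-duration'])
        op = target.get('operation', 'configure')
        if sched.get('inclusive-exclusive', 'inclusive') == 'exclusive':
            op = INVERSE[op]
        count, step = 1, timedelta(0)
        if 'repeat-interval' in sched:
            m = REPEAT_RE.match(sched['repeat-interval'])
            if not m:
                raise ValueError(
                    f"invalid repeat-interval: {sched['repeat-interval']!r}")
            step = parse_duration(m.group(2))
            if step <= duration:
                raise ValueError('repetitions would overlap')
            count = int(m.group(1)) if m.group(1) else limit
        for i in range(min(count, limit)):
            execs.append({'start': start + i * step,
                          'duration': duration, 'operation': op})
    return sorted(execs, key=lambda e: e['start'])


# Constructed from the draft's usage example (Section 4).
LINK1_TARGET = {
    'object': '/ex:te-links',
    'operation': 'configure',
    'data-value': {'te-link': {'id': 'link-1', 'enabled': True}},
    'schedules': [{'schedule-id': 11, 'start': '2016-09-12T23:20:50.52Z',
                   'schedule-duration': 'P1D',
                   'repeat-interval': 'R5/P1W'}],
}
LINK2_TARGET = {
    'object': '/ex:te-links',
    'operation': 'configure',
    'data-value': {'te-link': {'id': 'link-2', 'enabled': True}},
    'schedules': [{'schedule-id': 12, 'inclusive-exclusive': 'exclusive',
                   'start': '2016-09-15T01:00:00.00Z',
                   'schedule-duration': 'PT2H'}],
}

if __name__ == '__main__':
    for e in expand(LINK1_TARGET) + expand(LINK2_TARGET):
        print(e['start'].isoformat(), e['duration'], e['operation'])
```

   Rejecting P2H (hours without the T separator) and a 'start' without a
   zone designator at submission time is the Section 5.1 syntax check;
   everything that depends on the target object's state is deferred to
   the scheduled moment and is not modelled here.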
   The notification management mechanisms described in
   [I-D.ietf-netconf-yang-push] and [I-D.ietf-netconf-rfc5277bis] can be
   used to enable, disable, subscribe to, filter, and replay these
   notifications.

5.4. Interactions with Locks

   The datastore lock rules specified by NETCONF [RFC6241] are checked
   both when the schedule configuration data is received and when the
   target configuration data is applied at each scheduled moment.

5.5. Interactions with Authorization Mechanism

   If the server implements any authorization mechanism, the
   authorization rules MUST be checked against this data model's schema
   when the schedule configuration data is received.  At each scheduled
   time moment, the authorization rules MUST be checked again, this time
   against the target objects, using the target configuration data.
   For this second check the server uses the same client credential
   learned when the schedule configuration data was initially received.
   Because the second check happens at execution time, it reflects the
   authorization rules in force at that moment rather than those in
   force at submission time.

6. Synchronization Aspects

   The scheduling mechanisms described in this document assume that
   servers have access to the wall-clock time.  Thus, servers are
   required to acquire the time-of-day from an external time source, for
   example using the Network Time Protocol [RFC5905] or the Precision
   Time Protocol [IEEE1588].  It is assumed that the client and servers
   rely on a common time source, so as to guarantee that schedules are
   defined with respect to a common reference.

   In order to avoid the potential ambiguity of different time zones and
   daylight saving time, it is recommended to define all schedules in
   the UTC time zone, using the suffix 'Z'.  For example, the time
   2016-09-12T23:20:50.52Z is specified with respect to the UTC time
   zone.

7. Configuration Scheduling YANG Module

<CODE BEGINS> file "ietf-schedule@2017-03-06.yang"

   module ietf-schedule {
     yang-version 1.1;
     namespace "urn:ietf:params:xml:ns:yang:ietf-schedule";
     prefix "sch";
     import ietf-yang-types {
       prefix "yang";
     }

     organization "TBD";
     contact "TBD";

     description
       "The model allows time scheduling parameters to be specified.";

     revision "2017-03-06" {
       description "Initial revision";
       reference "TBD";
     }

     /*
      * Typedefs
      */
     typedef operation {
       type enumeration {
         enum configure {
           description "Create the configuration data.";
         }
         enum deconfigure {
           description "Remove the configuration data.";
         }
         enum set {
           description "Set the specified configuration data.";
         }
         enum reset {
           description
             "Revert the specified configuration data back to the
              original value.";
         }
       }
       description "Operation type.";
     }

     /*
      * Groupings
      */
     grouping schedule-config-attributes {
       description "A group of attributes for a schedule.";
       leaf inclusive-exclusive {
         type enumeration {
           enum inclusive {
             description
               "The schedule element is inclusive, i.e., the schedule
                specifies the time at which the element is enabled.";
           }
           enum exclusive {
             description
               "The schedule element is exclusive, i.e., the schedule
                specifies the time at which the element is disabled.";
           }
         }
         default "inclusive";
         description
           "Whether the list item is inclusive or exclusive.";
       }
       leaf start {
         type yang:date-and-time;
         description "Start time.";
       }
       leaf schedule-duration {
         type string {
           pattern 'P(\d+Y)?(\d+M)?(\d+W)?(\d+D)?'
                 + '(T(\d+H)?(\d+M)?(\d+S)?)?';
         }
         description "Schedule duration in ISO 8601 format.";
       }
       leaf repeat-interval {
         type string {
           pattern 'R\d*/P(\d+Y)?(\d+M)?(\d+W)?(\d+D)?'
                 + '(T(\d+H)?(\d+M)?(\d+S)?)?';
         }
         description "Repeat interval in ISO 8601 format.";
       }
     } // schedule-config-attributes

     grouping schedule-config-notification {
       description "A group of attributes for a schedule notification.";
       notification execution {
         description
           "Notification event for an execution performed on a target
            object.";
         leaf operation {
           type operation;
           mandatory true;
           description "Operation type.";
         }
         leaf datetime {
           type yang:date-and-time;
           description
             "The date and time when the execution was performed.";
         }
         anydata results {
           description
             "This chunk of data contains the results of the execution
              performed on the target object.  The results are the same
              as, or equivalent to, the contents of an RPC reply
              message.  Because of the nature of such a target
              execution, an RPC reply message is not used to return the
              execution results; instead, this notification serves the
              same purpose.";
         }
       }
     } // schedule-config-notification

     grouping schedule-state-attributes {
       description "State attributes for a schedule.";
       container future-executions {
         description
           "The state information of the next scheduled events.";
         list execution {
           key "start";
           description "List of scheduled future executions.";
           leaf start {
             type yang:date-and-time;
             description "Start time.";
           }
           leaf duration {
             type string {
               pattern 'P(\d+Y)?(\d+M)?(\d+W)?(\d+D)?'
                     + '(T(\d+H)?(\d+M)?(\d+S)?)?';
             }
             description "Schedule duration in ISO 8601 format.";
           }
           leaf operation {
             type operation;
             description "Operation type.";
           }
         } // execution
       } // future-executions
     } // schedule-state-attributes

     grouping schedules {
       description
         "A list of schedules defining when a particular configuration
          takes effect.";
       container schedules {
         description
           "Container of a schedule list defining when a particular
            configuration takes effect.";
         list schedule {
           key "schedule-id";
           description "A list of schedule elements.";
           leaf schedule-id {
             type uint32;
             description "Identifies the schedule element.";
           }
           uses schedule-config-attributes;
         }
       }
     } // schedules

     /*
      * Configuration data and operational state nodes
      */
     container configuration-schedules {
       description
         "Serves as top-level container for a list of configuration
          schedules.";
       list target {
         key "object";
         description
           "A list of targets to which configuration schedules are
            applied.";
         leaf object {
           type yang:xpath1.0;
           description "XPath defining the data items of interest.";
         }
         leaf operation {
           type operation;
           default "configure";
           description "Operation type.";
         }
         anydata data-value {
           description
             "The data value applied to the data node specified by the
              leaf 'object'.
              The format of the data value depends on the value of the
              leaf 'operation' defined above:
                configure:   data-value is the sub-tree added to the
                             target object;
                deconfigure: data-value is the child to be deleted from
                             the target object;
                set:         the target object MUST be a leaf, and
                             data-value is the new value to be set on
                             the target object;
                reset:       data-value is ignored.";
         }
         uses schedules;
         container state {
           config false;
           description "Operational state data.";
           uses schedule-state-attributes;
         } // state
         uses schedule-config-notification;
       } // target
     } // configuration-schedules
   }

<CODE ENDS>

8. Security Considerations

   The configuration, state, and notification data defined in this
   document are designed to be accessed via the NETCONF protocol
   [RFC6241].  The lowest NETCONF layer is the secure transport layer,
   and the mandatory-to-implement secure transport is Secure Shell (SSH)
   [RFC6242].  The NETCONF access control model [RFC6536] provides the
   means to restrict access for particular NETCONF users to a
   pre-configured subset of all available NETCONF protocol operations
   and contents.

   The functionality defined in this memo can potentially allow network
   reconnaissance: by gathering information about schedules, an attacker
   can learn about the network policy, its temporal behavior, and future
   events.

   The schedule YANG model defines schedules that are writable,
   creatable, and deletable.  Therefore, this model may be considered
   sensitive or vulnerable in some network environments.  An attacker
   may maliciously configure a schedule in a way that disrupts the
   normal behavior of the network.  Furthermore, an attacker may attempt
   to maliciously set a schedule, or a set of schedules, in a way that
   amplifies an attack, or that schedules an attack for a particularly
   sensitive time instant.  Because the target configuration data is not
   validated against the target objects until the scheduled moment
   (Section 5.1) and is then applied under the credential of the client
   that created the schedule (Section 5.5), operators should review the
   pending entries in 'future-executions' and the 'execution'
   notifications that report their outcome.
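   The two-phase authorization check of Section 5.5, as an added example
   that is not part of this draft or of any NETCONF or NACM
   implementation.  It assumes a toy rule shape (group, path prefix,
   permitted access), that the client identity bound at submission is
   reused at the scheduled moment, and that the rules consulted then
   are those in force at that moment; the group names, paths and
   function names are this example's own.

```python
"""Added example, not from the draft or any NETCONF implementation: a
toy NACM-style model of Section 5.5.  A schedule is checked at
submission against the ietf-schedule schema and again at the scheduled
moment against the target object, with the same client identity but
the rules in force at that later time.  All names are assumptions."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    group: str         # user group the rule applies to
    path_prefix: str   # path prefix the rule covers
    access: frozenset  # subset of {'create', 'update', 'delete', 'read'}


class AccessControl:
    def __init__(self, groups, rules):
        self.groups = groups  # user -> set of group names
        self.rules = rules    # ordered; first match wins, default deny

    def permits(self, user, path, access):
        for rule in self.rules:
            if (rule.group in self.groups.get(user, set())
                    and path.startswith(rule.path_prefix)):
                return access in rule.access
        return False


# Access needed on the target object for each schedule operation.
OP_ACCESS = {'configure': 'create', 'deconfigure': 'delete',
             'set': 'update', 'reset': 'update'}
SCHEDULE_PATH = '/sch:configuration-schedules'


def submit(ac, user, target):
    """First check (schedule received): the client must be allowed to
    create an entry under the ietf-schedule tree.  The client identity
    is bound to the pending schedule for the later check."""
    if not ac.permits(user, SCHEDULE_PATH, 'create'):
        raise PermissionError(f'{user} may not create schedules')
    return {'credential': user, 'target': target}


def execute(ac, pending, operation, when):
    """Second check (scheduled moment): the bound identity must still be
    allowed the operation on the target object under the current rules.
    Returns the content of the 'execution' notification."""
    user, target = pending['credential'], pending['target']
    allowed = ac.permits(user, target['object'], OP_ACCESS[operation])
    return {'operation': operation, 'datetime': when,
            'results': 'ok' if allowed else 'access-denied'}


# Constructed scenario: alice may schedule and may update TE links.
RULES = [Rule('netops', SCHEDULE_PATH, frozenset({'create', 'delete'})),
         Rule('netops', '/ex:te-links', frozenset({'update', 'read'}))]


def scenario():
    """Privilege revoked between two repetitions of the same schedule:
    the first execution passes, the second is refused."""
    ac = AccessControl({'alice': {'netops'}}, RULES)
    target = {'object': "/ex:te-links/ex:te-link[ex:id='link-1']/ex:enabled",
              'operation': 'set', 'data-value': True}
    pending = submit(ac, 'alice', target)
    first = execute(ac, pending, 'set', '2016-09-12T23:20:50.52Z')
    ac.groups['alice'] = set()   # membership revoked after submission
    second = execute(ac, pending, 'set', '2016-09-19T23:20:50.52Z')
    return first['results'], second['results']


def denied_at_submission():
    """A user allowed to touch TE links but not the schedule tree cannot
    even submit a schedule; returns True when the submission is refused."""
    ac = AccessControl({'bob': {'netops'}},
                       [Rule('netops', '/ex:te-links', frozenset({'update'}))])
    try:
        submit(ac, 'bob', {'object': '/ex:te-links', 'operation': 'set'})
    except PermissionError:
        return True
    return False
```

   The point a deployment should verify is the second outcome: a
   revoked or downgraded account must not keep acting through schedules
   it created earlier, and the 'access-denied' result reaches the
   operator only if the 'execution' notifications are subscribed to.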
   The use of configuration scheduling implicitly assumes that there is
   an underlying synchronization or time distribution mechanism.
   Therefore, an attack on the synchronization mechanism may compromise
   the configuration scheduling.  The security considerations of time
   protocols are discussed further in [RFC7384].

9. Contributors

   Tal Mizrahi
   Email: talmi@marvell.com

10. References

10.1. Normative References

   [IEEE1588] IEEE, "IEEE Standard for a Precision Clock Synchronization
              Protocol for Networked Measurement and Control Systems
              Version 2", IEEE Standard 1588.

   [RFC5905]  Mills, D., Martin, J., Ed., Burbank, J., and W. Kasch,
              "Network Time Protocol Version 4: Protocol and Algorithms
              Specification", RFC 5905, June 2010.

   [RFC6020]  Bjorklund, M., "YANG - A Data Modeling Language for the
              Network Configuration Protocol (NETCONF)", RFC 6020,
              October 2010.

   [RFC6021]  Schoenwaelder, J., "Common YANG Data Types", RFC 6021,
              October 2010.

   [RFC6241]  Enns, R., Bjorklund, M., Schoenwaelder, J., and A.
              Bierman, "Network Configuration Protocol (NETCONF)",
              RFC 6241, June 2011.

   [RFC2234]  Crocker, D. and P. Overell (Editors), "Augmented BNF for
              Syntax Specifications: ABNF", RFC 2234, Internet Mail
              Consortium and Demon Internet Ltd., November 1997.

   [RFC7384]  Mizrahi, T., "Security Requirements of Time Protocols in
              Packet Switched Networks", RFC 7384, October 2014.

   [RFC7399]  Farrel, A. and D. King, "Unanswered Questions in the Path
              Computation Element Architecture", RFC 7399, October 2014.

   [RFC7758]  Mizrahi, T. and Y. Moses, "Time Capability in NETCONF",
              RFC 7758, February 2016.

   [I-D.birrane-dtn-ama]
              Birrane, E., "Asynchronous Management Architecture",
              draft-birrane-dtn-ama-04 (work in progress), October 2016.
   [I-D.ietf-netconf-yang-push]
              Clemm, A., "Subscribing to YANG datastore push updates",
              draft-ietf-netconf-yang-push (work in progress).

   [I-D.ietf-netconf-rfc5277bis]
              Clemm, A., "Subscribing to Event Notifications",
              draft-ietf-netconf-rfc5277bis (work in progress).

10.2. Informative References

   [RFC6087]  Bierman, A., "Guidelines for Authors and Reviewers of YANG
              Data Model Documents", RFC 6087, January 2011.

Authors' Addresses

   Xufeng Liu
   Jabil
   8281 Greensboro Drive, Suite 200
   McLean, VA 22102
   USA
   Email: Xufeng_Liu@jabil.com

   Igor Bryskin
   Huawei Technologies
   Email: Igor.Bryskin@huawei.com

   Vishnu Pavan Beeram
   Juniper Networks
   Email: vbeeram@juniper.net

   Tarek Saad
   Cisco Systems Inc
   Email: tsaad@cisco.com

   Himanshu Shah
   Ciena
   Email: hshah@ciena.com

   Oscar Gonzalez de Dios
   Telefonica
   Email: oscar.gonzalezdedios@telefonica.com