Network Working Group                                           M. Scott
Internet-Draft                                               S. Chisholm
Updates:                                                          Nortel
draft-ietf-netconf-monitoring-00                            M. Bjorklund
(if approved)                                             Tail-f Systems
Intended status: Standards Track                       February 25, 2008
Expires: August 28, 2008


                       NETCONF Monitoring Schema
                    draft-ietf-netconf-monitoring-01

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on August 28, 2008.

Copyright Notice

   Copyright (C) The IETF Trust (2008).











Scott, et al.            Expires August 28, 2008                [Page 1]

Internet-Draft          NETCONF Monitoring Schema          February 2008


Abstract

   Today no standard method is defined to monitor the NETCONF protocol,
   including items such as sessions and subscription information.  As
   NETCONF adds these and increasing capabilities which can impact
   configuration management, monitoring becomes increasingly important.
   This document defines NETCONF content via XML Schema to be used to
   monitor the Netconf protocol.  It includes information about Netconf
   sessions, locks, and subscriptions and is intended to facilitate
   management of a NETCONF server.  In addition this memo defines a
   mechanism to be able to discover all possible data models (XML
   Schemas) from a NETCONF server.  This mechanism provides explicit
   references to supported schema versions and can be performed
   dynamically throughout a session, unlike capabilities exchange which
   is performed during session setup only.


Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
     1.1.  Definition of Terms  . . . . . . . . . . . . . . . . . . .  3
   2.  XML Schema to Monitor Netconf  . . . . . . . . . . . . . . . .  4
   3.  Schema Specific Operations . . . . . . . . . . . . . . . . . .  8
     3.1.  NETCONF Schema List Retrieval (<get> monitoring data)  . .  8
   4.  Monitoring Schema (XSD)  . . . . . . . . . . . . . . . . . . . 11
   5.  Security Considerations  . . . . . . . . . . . . . . . . . . . 17
   6.  Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 18
   7.  Normative References . . . . . . . . . . . . . . . . . . . . . 19
   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 20
   Intellectual Property and Copyright Statements . . . . . . . . . . 21





















Scott, et al.            Expires August 28, 2008                [Page 2]

Internet-Draft          NETCONF Monitoring Schema          February 2008


1.  Introduction

   [NETCONF] can be conceptually partitioned into four layers:

   Layer                      Example
    +-------------+      +----------------------------------------+
    |   Content   |      |     Configuration data                 |
    +-------------+      +----------------------------------------+
              |                           |
    +-------------+      +-------------------------------------------+
    | Operations  |      | <get-config>, <edit-config> <notification>|
    +-------------+      +-------------------------------------------+
              |                           |                    |
    +-------------+      +-----------------------------+       |
    |     RPC     |      |    <rpc>, <rpc-reply>       |       |
    +-------------+      +-----------------------------+       |
             |                           |                     |
    +-------------+      +------------------------------------------+
    | Transport   |      |   BEEP, SSH, SSL, console                |
    |   Protocol  |      |                                          |
    +-------------+      +------------------------------------------+


   This document defines Netconf content via [XML Schema] to be used to
   monitor the Netconf protocol.  It provides information about Netconf
   sessions and subscriptions.

                                 Figure 1

1.1.  Definition of Terms

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

   Element:  An [XML] Element.

   Managed Object:  A collection of one of more Elements that define an
      abstract thing of interest.

   Subscription:  A concept related to the delivery of notifications (if
      any to send) involving destination and selection of notifications.
      It is bound to the lifetime of a session.

   Operation:  This term is used to refer to NETCONF protocol
      operations.  Specifically within this document, operation refers
      to NETCONF protocol operations defined in support of NETCONF
      notifications.



Scott, et al.            Expires August 28, 2008                [Page 3]

Internet-Draft          NETCONF Monitoring Schema          February 2008


2.  XML Schema to Monitor Netconf

   The following data is proposed to allow a NETCONF client to monitor
   both the NETCONF server itself and the associated network device
   operational data.  The specific data proposed in this memo and
   suggested usage:


   netconfState:
     complex data type containing the monitored data for
     the NETCONF server and device.

      netconfState
        |_capabilities
        |_sessions
        |_configurations
        |_subscriptions
        |_schema

   capabilities (ComplexType:  CapabilitiesInfo):
     NETCONF capabilities supported by the server.  Contains the same
     information as exchanged during session setup.

   sessions (ComplexType:  ManagementSessionInfo):
     List of all active sessions on the device, including NETCONF and
     other sessions (ie. CLI).

   configurations (ComplexType:  ConfigurationDatastoreInfo):
     List of NETCONF datastores on the server.  Includes all supported
     datastore types (running, candidate, startup).

   subscriptions (ComplexType:  NetconfSubscriptionInfo):
     List of all NETCONF notification subscriptions active on the
     server.

   schema (ComplexType:  SchemaList):
     List of all supported schema on the device.




   capabilites:
     List of supported NETCONF capabilities supported by server.
     Minimally must contain the same capabilities exchanged during
     session setup.






Scott, et al.            Expires August 28, 2008                [Page 4]

Internet-Draft          NETCONF Monitoring Schema          February 2008


   sessions:
     ManagementSessionInfo complex data type.

      sessions
        |_sessionId
        |_transport
        |_protocol
        |_username
        |_sourceIdentifier
        |_loginTime


   sessionId:
     unique identifier for the session.

   transport:
     idenfities transport for each session.  Eg:  Console, SSH.

   protocol:
     identifies the protocol being used for each session.  Eg: NETCONF,
     CLI, Web UI, etc.

   username:
     session owner

   sourceIdentifier:
     identifier for the originator of the session.  Eg: nodename, IP
     address.

   loginTime:
     time (UTC) at which the session was established.




















Scott, et al.            Expires August 28, 2008                [Page 5]

Internet-Draft          NETCONF Monitoring Schema          February 2008


   configurations:
     NetconfDataStoreInfo complex data type.

      configurations
        |_name
        |_type
        |_lockStatus

   name:
     unique identifier for the datastore.

   type:
     enumeration of supported datastores; candidate, running,
     startup.

   lockStatus:
     enumeration of locked, unlocked.



   subscriptions:
     NetconfSubscriptionInfo complex type.  List of all notifications
     subscriptions for all active sessions.

      subscriptions
        |_sessionId
        |_subscription

   sessionId:
     unique identifier for the notifications.  Same value as returned in
     'sessions' to allow correlation.

   subscription:
     specific event notifications subscribed by session.  Unique
     identifier mappable to event subscriptions.
















Scott, et al.            Expires August 28, 2008                [Page 6]

Internet-Draft          NETCONF Monitoring Schema          February 2008


  schema:
    List of supported schemas for the NETCONF server.

     schema
       |_identifier
       |_version
       |_location

  identifier:
    unique identifier for the schema.

  version:
    version of the schema supported.  Multiple versions can be supported
    simultaneously.

  location:
    a location from which the schema can be retrieved.  Can be either on
    the network device (eg: URL), retrievable explicitly via netconf
    ('netconf') or some network location (eg: URL).
































Scott, et al.            Expires August 28, 2008                [Page 7]

Internet-Draft          NETCONF Monitoring Schema          February 2008


3.  Schema Specific Operations

   Schema list will be supported via existing NETCONF <get> operation
   and will be defined in the monitoring data model to facilitate
   retrieval.  This will support retrieval of the schema list
   specifically.  The details returned in the list will facilitate
   retrieval from a network location via a URL.  Additionally the
   ability to retrieve a schema via NETCONF will be supported.  In this
   case a new RPC operation will be introduced to support this
   retrieval.

3.1.  NETCONF Schema List Retrieval (<get> monitoring data)

   A NETCONF client retrieves the list of supported XML Schema from a
   NETCONF server using the <get> RPC request.  The list of available
   XML Schema is retrieved by requesting the <schema> subtree via a
   <get> operation.  Available schema for the requesting session are
   returned in the reply containing the <identifier> , <version> and
   <location> elements, where <identifier> and <version> elements are
   mandatory and their values are unique.  The returned list must only
   include the names of those schema for which the NETCONF session has
   sufficient privileges.  The NETCONF session privileges are determined
   via access control mechanisms which are beyond the scope of this
   document.  An empty reply is returned if there are no available
   schema.  The <get> operation allows the client to request the list of
   available schema on the managed device.  The response data can be
   used to determine the available schema and their versions.  The
   schema itself (ie. schema content) is not returned in the response.
   A URI to the schema is returned which is used to facilitate the
   retrieval of the schema using a supported mechanism on the device
   such as a NETCONF operation or ftp.  In addition when a schema is
   available on the device and the <get-schema> capability is supported
   a special location value of 'netconf' will be used to indicate its
   availability on the device.  See <get-schema> for details.


     Example: Retrieving available XML schema list using <get> operation

      <rpc message-id="101"
           xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
         <get>
           <filter type="subtree">
             <schemaList xmlns="urn:ietf:params:xml:ns:netconf:schema"/>
         </filter>
        </get>
      </rpc>

   The NETCONF server returns a list of XML schema available for



Scott, et al.            Expires August 28, 2008                [Page 8]

Internet-Draft          NETCONF Monitoring Schema          February 2008


   retrieval.  Notification schema in this example.


      <rpc-reply message-id="101"
                 xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
        <data>
          <schemaList xmlns="rn:ietf:params:xml:ns:netconf:base:1.0">
            <schema>
              <identifer>
                ietf:params:xml:ns:netconf:notification
              </identifer>
              <version&lt;1.0<version>
              <location>ftp://some.accessible.location</location>
            </schema>
          </schemaList>
        </data>
      </rpc-reply>

   The ability to retrieve a schema itself via NETCONF will be
   supported.  In this case a new RPC operation will be introduced to
   support this retrieval.  This operation will allow the retrieval of
   the specific schema inline in the NETCONF session:


      Example: Query a specific schema on device using <list-schema>
               operation


     <rpc message-id="101"
          xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
        <get>
          <filter>
             <schemaList xmlns="urn:ietf:params:xml:ns:netconf:schema"/>
               <list-schema>
                 <identifer>
                   urn:ietf:params:xml:ns:netcponf:notification
                 </identifer>
               </list-schema>
          </filter>
         </get>
       </list-schema>
     </rpc>

   The NETCONF server returns a list of XML schema available for
   retrieval: Notification schema in this example.






Scott, et al.            Expires August 28, 2008                [Page 9]

Internet-Draft          NETCONF Monitoring Schema          February 2008


      <rpc-reply message-id="101"
                 xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
        <data>
          <schemaList xmlns="rn:ietf:params:xml:ns:netconf:base:1.0">
            <schema>
              <identifer>
                urn:ietf:params:xml:ns:netconf:notification
              </identifer>
              <version&lt;1.0<version>
              <location>ftp://some.accessible.location</location>
            </schema>
         </schemaList>
        </data>
      </rpc-reply>





































Scott, et al.            Expires August 28, 2008               [Page 10]

Internet-Draft          NETCONF Monitoring Schema          February 2008


4.  Monitoring Schema (XSD)

   The information in this Schema provides information about Netconf
   system that could be used to aid an attack on that system.  Care
   should be taken to restrict access to this information as
   appropriate.


 <xs:schema
     xmlns:xs="http://www.w3.org/2001/XMLSchema"
     xmlns=
    "urn:ietf:params:xml:ns:netconf:state:1.0"
    xmlns:netconf="urn:ietf:params:xml:ns:netconf:base:1.0"
    targetNamespace=
    "urn:ietf:params:xml:ns:netconf:state:1.0"
     elementFormDefault="qualified"
     attributeFormDefault="unqualified">
      <xs:annotation>
         <xs:documentation xml:lang="en">
             NetConf Monitoring Schema.
             All elements in this Schema are read-only.
         </xs:documentation>
      </xs:annotation>


 <xs:import namespace="urn:ietf:params:xml:ns:netconf:base:1.0"
       schemaLocation="urn:ietf:params:xml:ns:netconf:base:1.0"/>
 <xs:import
      namespace="urn:ietf:params:xml:ns:netconf:notification:1.0"
      schemaLocation="urn:ietf:params:xml:ns:netconf:notification:1.0"/>


 <xs:element name="netconfState">
   <xs:complexType>
      <xs:sequence>

        <xs:element name="capabilities">
          <xs:annotation>
            <xs:documentation xml:lang="en">
              List of NETCONF capabilities supported
              by this device.
            </xs:documentation>
          </xs:annotation>
          <xs:complexType>
            <xs:sequence>
              <xs:element name="capability"
                 type="xs:anyURI" minOccurs="0"
                 maxOccurs="unbounded"/>



Scott, et al.            Expires August 28, 2008               [Page 11]

Internet-Draft          NETCONF Monitoring Schema          February 2008


           </xs:sequence>
         </xs:complexType>
       </xs:element>

     <xs:element name="sessions">
         <xs:annotation>
             <xs:documentation xml:lang="en">
                 List of NETCONF sessions currently
                 active on this device.
             </xs:documentation>
         </xs:annotation>
         <xs:complexType>
             <xs:sequence>
                 <xs:element name="session"
                     type="NetconfSessionInfo"
                     minOccurs="0"
                     maxOccurs="unbounded"/>
             </xs:sequence>
         </xs:complexType>
     </xs:element>

     <xs:element name="configurations">
       <xs:annotation>
         <xs:documentation xml:lang="en">
           List of NETCONF configuration datastores (e.g. running,
            startup, candidate) supported on this device and related
            information.
         </xs:documentation>
        </xs:annotation>
        <xs:complexType>
          <xs:sequence>
             <xs:element name="config" type="ConfigurationDatastoreInfo"
                          minOccurs="0" maxOccurs="unbounded"/>
          </xs:sequence>
        </xs:complexType>
     </xs:element>

     <xs:element name="subscriptions">
       <xs:annotation>
         <xs:documentation xml:lang="en">
           List of NETCONF notification subscriptions
           active on this device and related information.
          </xs:documentation>
        </xs:annotation>
         <xs:complexType>
           <xs:sequence>
             <xs:element name="subscription"
                          type="NetconfSubscriptionInfo"



Scott, et al.            Expires August 28, 2008               [Page 12]

Internet-Draft          NETCONF Monitoring Schema          February 2008


                          minOccurs="0" maxOccurs="unbounded"/>
           </xs:sequence>
        </xs:complexType>
      </xs:element>

    </xs:sequence>
   </xs:complexType>
 </xs:element>


 <!-- Complex Types -->

 <xs:complexType name="ManagementSessionInfo">
     <xs:sequence>
         <xs:element name="sessionId" type="netconf:SessionId"/>
         <xs:element name="username" type="xs:string"/>
         <xs:element name="transport" type="xs:string"/>
         <xs:element name="protocol" type=xs:string"/>
         <xs:element name="sourceIdentifier" type="inet:ip-address"/>
         <xs:element name="loginTime" type="xs:dateTime"/>
     </xs:sequence>
 </xs:complexType>


 <xs:complexType name="ConfigurationDatastoreInfo">
   <xs:sequence>
       <xs:element name="name" type="netconf:configNameType"/>
       <xs:element name="lockStatus" type="LockStatus"/>
   </xs:sequence>
 </xs:complexType>


 <xs:complexType name="LockStatus">
   <xs:annotation>
     <xs:documentation>
       An indication of whether a resource is locked or unlocked.
       If locked, additional information about the locking such as
       user and time stamp is provided.
     </xs:documentation>
   </xs:annotation>
   <xs:sequence>
     <xs:element name="lock-state">
       <xs:simpleType>
         <xs:restriction base="xs:string">
           <xs:enumeration value="locked"/>
             <xs:enumeration value="unlocked"/>
           </xs:restriction>
         </xs:simpleType>



Scott, et al.            Expires August 28, 2008               [Page 13]

Internet-Draft          NETCONF Monitoring Schema          February 2008


       </xs:element>
       <xs:element name="lockedBySession"
             type="netconf:SessionId" minOccurs="0">
       <xs:annotation>
         <xs:documentation>
           The session ID of the session that has locked this resource.
         </xs:documentation>
       </xs:annotation>
     </xs:element>
     <xs:element name="lockedTime"
           type="xs:dateTime" minOccurs="0">
       <xs:annotation>
        <xs:documentation>
           The date and time of when the resource was locked.
           If the resource is currently unlocked, this element
           will not be present.
         </xs:documentation>
       </xs:annotation>
     </xs:element>
   </xs:sequence>
 </xs:complexType>

 <xs:complexType name="NetconfSubscriptionInfo">
   <xs:annotation>
     <xs:documentation>
         Information about Netconf Notification Subscriptions.
     </xs:documentation>
   </xs:annotation>
   <xs:sequence >
     <xs:element name="sessionId"
          type="netconf:SessionId" >
       <xs:annotation>
         <xs:documentation xml:lang="en">
           The session id associated with this
           subscription.
         </xs:documentation>
       </xs:annotation>
     </xs:element>

     <xs:element name="stream"
            type="xs:string"  minOccurs="0">
       <xs:annotation>
         <xs:documentation xml:lang="en">
           The stream associated with this subscription.
         </xs:documentation>
       </xs:annotation>
     </xs:element>




Scott, et al.            Expires August 28, 2008               [Page 14]

Internet-Draft          NETCONF Monitoring Schema          February 2008


     <xs:element name="filter"
           type="netconf:filterInlineType"  minOccurs="0">
       <xs:annotation>
         <xs:documentation xml:lang="en">
           The filters associated with this subscription.
         </xs:documentation>
       </xs:annotation>
     </xs:element>

     <xs:element name="associatedNamedProfile" minOccurs="0">
       <xs:annotation>
         <xs:documentation xml:lang="en">
           The named profile associated with this
           subscription. Note that the  contents of the
           named profile may have changed since it was
           last applied.
         </xs:documentation>
       </xs:annotation>
     </xs:element>

     <xs:element name="lastModified" type="xs:dateTime" >
       <xs:annotation>
         <xs:documentation xml:lang="en">
           The last time this subscription was modified. If
           it  has not been modified since creation, this is
           the time of subscription creation.
         </xs:documentation>
       </xs:annotation>
     </xs:element>

     <xs:element name="messagesSent"
           type="xs:unsignedInt" minOccurs="0">
       <xs:annotation>
         <xs:documentation xml:lang="en">
           A count of event notifications sent along
           this connection since the subscription was
           created.
         </xs:documentation>
       </xs:annotation>
     </xs:element>

     <xs:element name="key">
       <xs:key name="uniqueSubscription">
         <xs:selector xpath=".//subscription"/>
         <xs:field xpath="sessionId"/>
       </xs:key>
     </xs:element>




Scott, et al.            Expires August 28, 2008               [Page 15]

Internet-Draft          NETCONF Monitoring Schema          February 2008


   </xs:sequence>
 </xs:complexType>

 </xs:schema>















































Scott, et al.            Expires August 28, 2008               [Page 16]

Internet-Draft          NETCONF Monitoring Schema          February 2008


5.  Security Considerations

   The information in this Schema provides information about Netconf
   system that could be used to aid an attack on that system.  Care
   should be taken to restrict access to this information as
   appropriate.













































Scott, et al.            Expires August 28, 2008               [Page 17]

Internet-Draft          NETCONF Monitoring Schema          February 2008


6.  Acknowledgements

   Thanks to the Netconf working group for providing a much earlier
   draft of Schema to manage Netconf and Netconf Notifications that were
   cannibalized to produce this draft.














































Scott, et al.            Expires August 28, 2008               [Page 18]

Internet-Draft          NETCONF Monitoring Schema          February 2008


7.  Normative References

   [NETCONF]  Enns, R., "NETCONF Configuration Protocol", RFC 4741,
              February 2006.

   [NETCONF-EVENT]
              Chisholm, S. and H. Trevino, "NETCONF Event
              Notifications", ID draft-ietf-netconf-notification-11,
              November 2007.

   [RFC2026]  Bradner, S., "The Internet Standards Process -- Revision
              3", RFC 2026, BCP 9, October 1996.

   [RFC2119]  Bradner, s., "Key words for RFCs to Indicate Requirements
              Levels", RFC 2119, March 1997.

   [RFC2223]  Postel, J. and J. Reynolds, "Instructions to RFC Authors",
              RFC 2223, October 1997.

   [XML]      World Wide Web Consortium, "Extensible Markup Language
              (XML) 1.0", W3C XML, February 1998,
              <http://www.w3.org/TR/1998/REC-xml-19980210>.

   [XML Schema]
              Fallside, D. and P. Walmsley, "XML Schema Part 0: Primer
              Second Edition", W3C XML Schema, October 2004.

























Scott, et al.            Expires August 28, 2008               [Page 19]

Internet-Draft          NETCONF Monitoring Schema          February 2008


Authors' Addresses

   Mark Scott
   Nortel
   3500 Carling Ave
   Nepean, Ontario  K2H 8E9
   Canada

   Email: markscot@nortel.com


   Sharon Chisholm
   Nortel
   3500 Carling Ave
   Nepean, Ontario  K2H 8E9
   Canada

   Email: schishol@nortel.com


   Martin Bjorklund
   Tail-f Systems
   Klara Norra Kyrkogata 31
   SE-111 22 Stockholm,
   Sweden

   Email: mbj@tail-f.com
























Scott, et al.            Expires August 28, 2008               [Page 20]

Internet-Draft          NETCONF Monitoring Schema          February 2008


Full Copyright Statement

   Copyright (C) The IETF Trust (2008).

   This document is subject to the rights, licenses and restrictions
   contained in BCP 78, and except as set forth therein, the authors
   retain all their rights.

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
   THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
   OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
   THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.


Intellectual Property

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.


Acknowledgment

   Funding for the RFC Editor function is provided by the IETF
   Administrative Support Activity (IASA).





Scott, et al.            Expires August 28, 2008               [Page 21]