| < draft-ietf-netmod-nmda-diff-10.txt | draft-ietf-netmod-nmda-diff-11.txt > | |||
|---|---|---|---|---|
| Network Working Group A. Clemm | Network Working Group A. Clemm | |||
| Internet-Draft Y. Qu | Internet-Draft Y. Qu | |||
| Intended status: Standards Track Futurewei | Intended status: Standards Track Futurewei | |||
| Expires: January 13, 2022 J. Tantsura | Expires: January 28, 2022 J. Tantsura | |||
| Apstra | Microsoft | |||
| A. Bierman | A. Bierman | |||
| YumaWorks | YumaWorks | |||
| July 12, 2021 | July 27, 2021 | |||
| Comparison of NMDA datastores | Comparison of NMDA datastores | |||
| draft-ietf-netmod-nmda-diff-10 | draft-ietf-netmod-nmda-diff-11 | |||
| Abstract | Abstract | |||
| This document defines an RPC operation to compare management | This document defines an RPC operation to compare management | |||
| datastores that comply with the NMDA architecture. | datastores that comply with the NMDA architecture. | |||
| Status of This Memo | Status of This Memo | |||
| This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
| provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
| skipping to change at page 1, line 35 ¶ | skipping to change at page 1, line 35 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on January 13, 2022. | This Internet-Draft will expire on January 28, 2022. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2021 IETF Trust and the persons identified as the | Copyright (c) 2021 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 4, line 49 ¶ | skipping to change at page 4, line 49 ¶ | |||
| to both datastores: if the same schema node is not present in both | to both datastores: if the same schema node is not present in both | |||
| datastores, then all instances of that schema node and all its | datastores, then all instances of that schema node and all its | |||
| descendants are excluded from the comparison. This allows client | descendants are excluded from the comparison. This allows client | |||
| applications to focus on the differences that constitute true | applications to focus on the differences that constitute true | |||
| mismatches of instance data without needing to specify more | mismatches of instance data without needing to specify more | |||
| complex filter constructs. | complex filter constructs. | |||
| o report-origin: When set, this parameter indicates that origin | o report-origin: When set, this parameter indicates that origin | |||
| metadata should be included as part of RPC output. When this | metadata should be included as part of RPC output. When this | |||
| parameter is omitted, origin metadata in comparisons that involve | parameter is omitted, origin metadata in comparisons that involve | |||
| <operational> is by default omitted. | <operational> is by default omitted. Note that origin metadata | |||
| only applies to <operational> it is therefore also omitted in | ||||
| comparisons that do not involve <operational> regardless of | ||||
| whether or not the parameter is set. | ||||
| The operation provides the following output parameter: | The operation provides the following output parameter: | |||
| o differences: This parameter contains the list of differences. | o differences: This parameter contains the list of differences. | |||
| Those differences are encoded per YANG-Patch data model defined in | Those differences are encoded per YANG-Patch data model defined in | |||
| RFC8072. When a datastore node in the source of the comparison is | RFC8072. When a datastore node in the source of the comparison is | |||
| not present in the target of the comparison, this can be indicated | not present in the target of the comparison, this can be indicated | |||
| either as a "delete" or as a "remove" in the patch as there is no | either as a "delete" or as a "remove" in the patch as there is no | |||
| differentiation between those operations for the purposes of the | differentiation between those operations for the purposes of the | |||
| comparison. The YANG-Patch data model is augmented to indicate | comparison. The YANG-Patch data model is augmented to indicate | |||
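Review bot: The sentence added to the report-origin bullet is a run-on: "only applies to <operational> it is therefore also omitted" needs a semicolon or a full stop after "<operational>". The added text also leaves open whether a request that sets report-origin on a comparison not involving <operational> is accepted with the parameter ignored or is rejected; one more clause stating which would keep clients from treating the missing origin metadata as a server fault.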
| skipping to change at page 6, line 40 ¶ | skipping to change at page 6, line 40 ¶ | |||
| +--ro target target-resource-offset | +--ro target target-resource-offset | |||
| +--ro point? target-resource-offset | +--ro point? target-resource-offset | |||
| +--ro where? enumeration | +--ro where? enumeration | |||
| +--ro value? | +--ro value? | |||
| +--ro source-value? | +--ro source-value? | |||
| Structure of ietf-nmda-compare | Structure of ietf-nmda-compare | |||
| 5. YANG Data Model | 5. YANG Data Model | |||
| <CODE BEGINS> file "ietf-nmda-compare@2021-07-12.yang" | <CODE BEGINS> file "ietf-nmda-compare@2021-07-27.yang" | |||
| module ietf-nmda-compare { | module ietf-nmda-compare { | |||
| yang-version 1.1; | yang-version 1.1; | |||
| namespace "urn:ietf:params:xml:ns:yang:ietf-nmda-compare"; | namespace "urn:ietf:params:xml:ns:yang:ietf-nmda-compare"; | |||
| prefix cmp; | prefix cmp; | |||
| import ietf-yang-types { | import ietf-yang-types { | |||
| prefix yang; | prefix yang; | |||
| reference "RFC 6991: Common YANG Data Types"; | reference "RFC 6991: Common YANG Data Types"; | |||
| skipping to change at page 7, line 49 ¶ | skipping to change at page 7, line 49 ¶ | |||
| authors of the code. All rights reserved. | authors of the code. All rights reserved. | |||
| Redistribution and use in source and binary forms, with or | Redistribution and use in source and binary forms, with or | |||
| without modification, is permitted pursuant to, and subject to | without modification, is permitted pursuant to, and subject to | |||
| the license terms contained in, the Simplified BSD License set | the license terms contained in, the Simplified BSD License set | |||
| forth in Section 4.c of the IETF Trust's Legal Provisions | forth in Section 4.c of the IETF Trust's Legal Provisions | |||
| Relating to IETF Documents | Relating to IETF Documents | |||
| (https://trustee.ietf.org/license-info). | (https://trustee.ietf.org/license-info). | |||
| This version of this YANG module is part of | This version of this YANG module is part of | |||
| draft-ietf-netmod-nmda-diff-10; see the RFC itself for full | draft-ietf-netmod-nmda-diff-11; see the RFC itself for full | |||
| legal notices. | legal notices. | |||
| NOTE TO RFC EDITOR: Please replace above reference to | NOTE TO RFC EDITOR: Please replace above reference to | |||
| draft-ietf-netmod-nmda-diff-10 with RFC number when published | draft-ietf-netmod-nmda-diff-11 with RFC number when published | |||
| (i.e. RFC xxxx)."; | (i.e. RFC xxxx)."; | |||
| revision 2021-07-12 { | revision 2021-07-27 { | |||
| description | description | |||
| "Initial revision. | "Initial revision. | |||
| NOTE TO RFC EDITOR: | NOTE TO RFC EDITOR: | |||
| (1)Please replace the above revision date to | (1)Please replace the above revision date to | |||
| the date of RFC publication when published. | the date of RFC publication when published. | |||
| (2) Please replace the date in the file name | (2) Please replace the date in the file name | |||
| (ietf-nmda-compare@2021-07-12.yang) to the date of RFC | (ietf-nmda-compare@2021-07-27.yang) to the date of RFC | |||
| publication. | publication. | |||
| (3) Please replace the following reference to | (3) Please replace the following reference to | |||
| draft-ietf-netmod-nmda-diff-10 with RFC number when published | draft-ietf-netmod-nmda-diff-11 with RFC number when published | |||
| (i.e. RFC xxxx)."; | (i.e. RFC xxxx)."; | |||
| reference | reference | |||
| "draft-ietf-netmod-nmda-diff-10: Comparison of NMDA | "draft-ietf-netmod-nmda-diff-11: Comparison of NMDA | |||
| datastores"; | datastores"; | |||
| } | } | |||
| /* RPC */ | /* RPC */ | |||
| rpc compare { | rpc compare { | |||
| description | description | |||
| "NMDA datastore compare operation."; | "NMDA datastore compare operation."; | |||
| input { | input { | |||
| leaf source { | leaf source { | |||
| type identityref { | type identityref { | |||
| skipping to change at page 15, line 10 ¶ | skipping to change at page 15, line 10 ¶ | |||
| responsibly and sparingly only when warranted, implementations need | responsibly and sparingly only when warranted, implementations need | |||
| to be aware of the fact that excessive invocation of this operation | to be aware of the fact that excessive invocation of this operation | |||
| will burden system resources and need to ensure that system | will burden system resources and need to ensure that system | |||
| performance will not be adversely impacted. One possibility for an | performance will not be adversely impacted. One possibility for an | |||
| implementation to mitigate against such a possibility is to limit the | implementation to mitigate against such a possibility is to limit the | |||
| number of requests that is served to a client, or to any number of | number of requests that is served to a client, or to any number of | |||
| clients, in any one time interval, rejecting requests made at a | clients, in any one time interval, rejecting requests made at a | |||
| higher frequency than the implementation can reasonably sustain. | higher frequency than the implementation can reasonably sustain. | |||
| While useful, tools such as YANG Data Models that allow for the | While useful, tools such as YANG Data Models that allow for the | |||
| monitoring of server resources, system performance, and statistics | monitoring of server resources, system performance, and | |||
| about RPCs and RPC rates are outside the scope of this document. | statisticsabout RPCs and RPC rates are outside the scope of this | |||
| When defined, any such model should be general in nature and not | document. When defined, any such model should be general in nature | |||
| limited to the RPC operation defined in this document. | and not limited to the RPC operation defined in this document. | |||
| 8. IANA Considerations | 8. IANA Considerations | |||
| 8.1. Updates to the IETF XML Registry | 8.1. Updates to the IETF XML Registry | |||
| This document registers one URI in the IETF XML registry [RFC3688]. | This document registers one URI in the IETF XML registry [RFC3688]. | |||
| Following the format in [RFC3688], the following registration is | Following the format in [RFC3688], the following registration is | |||
| requested: | requested: | |||
| URI: urn:ietf:params:xml:ns:yang:ietf-nmda-compare | URI: urn:ietf:params:xml:ns:yang:ietf-nmda-compare | |||
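Review bot: The reflowed closing paragraph of this section introduces a typo on the -11 side, "statisticsabout", where -10 read "statistics about"; restore the space. The rest of the paragraph is only re-wrapped, so no other change is needed here.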
| skipping to change at page 15, line 41 ¶ | skipping to change at page 15, line 41 ¶ | |||
| This document registers a YANG module in the YANG Module Names | This document registers a YANG module in the YANG Module Names | |||
| registry [RFC6020]. Following the format in [RFC6020], the following | registry [RFC6020]. Following the format in [RFC6020], the following | |||
| registration is requested: | registration is requested: | |||
| name: ietf-nmda-compare | name: ietf-nmda-compare | |||
| namespace: urn:ietf:params:xml:ns:yang:ietf-nmda-compare | namespace: urn:ietf:params:xml:ns:yang:ietf-nmda-compare | |||
| prefix: cmp | prefix: cmp | |||
| reference: draft-ietf-netmod-nmda-diff-10 (RFC form) | reference: draft-ietf-netmod-nmda-diff-11 (RFC form) | |||
| 9. Security Considerations | 9. Security Considerations | |||
| The YANG module specified in this document defines a schema for data | The YANG module specified in this document defines a schema for data | |||
| that is designed to be accessed via network management protocols such | that is designed to be accessed via network management protocols such | |||
| as NETCONF [RFC6241] or RESTCONF [RFC8040]. The lowest NETCONF layer | as NETCONF [RFC6241] or RESTCONF [RFC8040]. The lowest NETCONF layer | |||
| is the secure transport layer, and the mandatory-to-implement secure | is the secure transport layer, and the mandatory-to-implement secure | |||
| transport is Secure Shell (SSH) [RFC6242]. The lowest RESTCONF layer | transport is Secure Shell (SSH) [RFC6242]. The lowest RESTCONF layer | |||
| is HTTPS, and the mandatory-to-implement secure transport is TLS | is HTTPS, and the mandatory-to-implement secure transport is TLS | |||
| [RFC8446]. | [RFC8446]. | |||
| The NETCONF access control model [RFC8341] provides the means to | The NETCONF access control model [RFC8341] provides the means to | |||
| restrict access for particular NETCONF or RESTCONF users to a | restrict access for particular NETCONF or RESTCONF users to a | |||
| preconfigured subset of all available NETCONF or RESTCONF protocol | preconfigured subset of all available NETCONF or RESTCONF protocol | |||
| operations and content. | operations and content. | |||
| NACM specifies access for the server in its entirety and the same | ||||
| access rules apply to all datastores. Any subtrees to which a | ||||
| requestor does not have read access are silently skipped and not | ||||
| included in the comparison. | ||||
| The RPC operation defined in this YANG module, "compare", may be | The RPC operation defined in this YANG module, "compare", may be | |||
| considered sensitive or vulnerable in some network environments. It | considered sensitive or vulnerable in some network environments. It | |||
| is thus important to control access to this operation. This is the | is thus important to control access to this operation. This is the | |||
| sensitivity/vulnerability of RPC operation "compare": | sensitivity/vulnerability of RPC operation "compare": | |||
| Comparing datastores for differences requires a certain amount of | Comparing datastores for differences requires a certain amount of | |||
| processing resources at the server. An attacker could attempt to | processing resources at the server. An attacker could attempt to | |||
| attack a server by making a high volume of comparison requests. | attack a server by making a high volume of comparison requests. | |||
| Server implementations can guard against such scenarios in several | Server implementations can guard against such scenarios in several | |||
| ways. For one, they can implement the NETCONF access control model | ways. For one, they can implement the NETCONF access control model | |||
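Review bot: The new NACM paragraph says subtrees without read access are "silently skipped and not included in the comparison", but it does not state the consequence for the requestor: the differences list covers only what that requestor can read, so an empty result does not show that the two datastores match. Suggest adding a sentence to that effect, since a client using "compare" for drift or audit checks would otherwise have no indication that part of the tree was left out.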
| skipping to change at page 19, line 13 ¶ | skipping to change at page 19, line 13 ¶ | |||
| Email: ludwig@clemm.org | Email: ludwig@clemm.org | |||
| Yingzhen Qu | Yingzhen Qu | |||
| Futurewei | Futurewei | |||
| 2330 Central Expressway | 2330 Central Expressway | |||
| Santa Clara, CA 95050 | Santa Clara, CA 95050 | |||
| USA | USA | |||
| Email: yqu@futurewei.com | Email: yqu@futurewei.com | |||
| Jeff Tantsura | Jeff Tantsura | |||
| Apstra | Microsoft | |||
| Email: jefftant.ietf@gmail.com | Email: jefftant.ietf@gmail.com | |||
| Andy Bierman | Andy Bierman | |||
| YumaWorks | YumaWorks | |||
| Email: andy@yumaworks.com | Email: andy@yumaworks.com | |||
| End of changes. 16 change blocks. | ||||
| 19 lines changed or deleted | 27 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||