idnits 2.17.1 draft-bierman-netmod-rfc6087bis-00.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (February 14, 2014) is 3717 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Missing Reference: 'RFC6242' is mentioned on line 891, but not defined ** Obsolete normative reference: RFC 2223 (Obsoleted by RFC 7322) ** Obsolete normative reference: RFC 5741 (Obsoleted by RFC 7841) -- Obsolete informational reference (is this intentional?): RFC 5226 (Obsoleted by RFC 8126) -- Obsolete informational reference (is this intentional?): RFC 6087 (Obsoleted by RFC 8407) Summary: 2 errors (**), 0 flaws (~~), 2 warnings (==), 3 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group A. Bierman 3 Internet-Draft YumaWorks 4 Intended status: Standards Track February 14, 2014 5 Expires: August 18, 2014 7 Guidelines for Authors and Reviewers of YANG Data Model Documents 8 draft-bierman-netmod-rfc6087bis-00 10 Abstract 12 This memo provides guidelines for authors and reviewers of Standards 13 Track specifications containing YANG data model modules. Applicable 14 portions may be used as a basis for reviews of other YANG data model 15 documents. Recommendations and procedures are defined, which are 16 intended to increase interoperability and usability of Network 17 Configuration Protocol (NETCONF) implementations that utilize YANG 18 data model modules. 20 Status of this Memo 22 This Internet-Draft is submitted in full conformance with the 23 provisions of BCP 78 and BCP 79. 25 Internet-Drafts are working documents of the Internet Engineering 26 Task Force (IETF). Note that other groups may also distribute 27 working documents as Internet-Drafts. The list of current Internet- 28 Drafts is at http://datatracker.ietf.org/drafts/current/. 30 Internet-Drafts are draft documents valid for a maximum of six months 31 and may be updated, replaced, or obsoleted by other documents at any 32 time. It is inappropriate to use Internet-Drafts as reference 33 material or to cite them other than as "work in progress." 35 This Internet-Draft will expire on August 18, 2014. 37 Copyright Notice 39 Copyright (c) 2014 IETF Trust and the persons identified as the 40 document authors. All rights reserved. 42 This document is subject to BCP 78 and the IETF Trust's Legal 43 Provisions Relating to IETF Documents 44 (http://trustee.ietf.org/license-info) in effect on the date of 45 publication of this document. Please review these documents 46 carefully, as they describe your rights and restrictions with respect 47 to this document. Code Components extracted from this document must 48 include Simplified BSD License text as described in Section 4.e of 49 the Trust Legal Provisions and are provided without warranty as 50 described in the Simplified BSD License. 52 Table of Contents 54 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 55 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5 56 2.1. Requirements Notation . . . . . . . . . . . . . . . . . . 5 57 2.2. NETCONF Terms . . . . . . . . . . . . . . . . . . . . . . 5 58 2.3. YANG Terms . . . . . . . . . . . . . . . . . . . . . . . . 5 59 2.4. Terms . . . . . . . . . . . . . . . . . . . . . . . . . . 6 60 3. General Documentation Guidelines . . . . . . . . . . . . . . . 7 61 3.1. Module Copyright . . . . . . . . . . . . . . . . . . . . . 7 62 3.2. Terminology Section . . . . . . . . . . . . . . . . . . . 8 63 3.3. Tree Diagrams . . . . . . . . . . . . . . . . . . . . . . 8 64 3.4. Narrative Sections . . . . . . . . . . . . . . . . . . . . 9 65 3.5. Definitions Section . . . . . . . . . . . . . . . . . . . 9 66 3.6. Security Considerations Section . . . . . . . . . . . . . 9 67 3.7. IANA Considerations Section . . . . . . . . . . . . . . . 10 68 3.7.1. Documents that Create a New Namespace . . . . . . . . 10 69 3.7.2. Documents that Extend an Existing Namespace . . . . . 10 70 3.8. Reference Sections . . . . . . . . . . . . . . . . . . . . 10 71 4. YANG Usage Guidelines . . . . . . . . . . . . . . . . . . . . 12 72 4.1. Module Naming Conventions . . . . . . . . . . . . . . . . 12 73 4.2. Identifiers . . . . . . . . . . . . . . . . . . . . . . . 12 74 4.3. Defaults . . . . . . . . . . . . . . . . . . . . . . . . . 12 75 4.4. Conditional Statements . . . . . . . . . . . . . . . . . . 13 76 4.5. XPath Usage . . . . . . . . . . . . . . . . . . . . . . . 13 77 4.6. Lifecycle Management . . . . . . . . . . . . . . . . . . . 15 78 4.7. Module Header, Meta, and Revision Statements . . . . . . . 15 79 4.8. Namespace Assignments . . . . . . . . . . . . . . . . . . 16 80 4.9. Top-Level Data Definitions . . . . . . . . . . . . . . . . 17 81 4.10. Data Types . . . . . . . . . . . . . . . . . . . . . . . . 18 82 4.11. Reusable Type Definitions . . . . . . . . . . . . . . . . 18 83 4.12. Data Definitions . . . . . . . . . . . . . . . . . . . . . 19 84 4.13. Operation Definitions . . . . . . . . . . . . . . . . . . 20 85 4.14. Notification Definitions . . . . . . . . . . . . . . . . . 20 86 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 21 87 6. Security Considerations . . . . . . . . . . . . . . . . . . . 22 88 6.1. Security Considerations Section Template . . . . . . . . . 22 89 7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 24 90 8. Changes Since RFC 6087 . . . . . . . . . . . . . . . . . . . . 25 91 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 26 92 9.1. Normative References . . . . . . . . . . . . . . . . . . . 26 93 9.2. Informative References . . . . . . . . . . . . . . . . . . 26 94 Appendix A. Module Review Checklist . . . . . . . . . . . . . . . 28 95 Appendix B. YANG Module Template . . . . . . . . . . . . . . . . 30 96 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 32 98 1. Introduction 100 The standardization of network configuration interfaces for use with 101 the Network Configuration Protocol [RFC6241] requires a modular set 102 of data models, which can be reused and extended over time. 104 This document defines a set of usage guidelines for Standards Track 105 documents containing [RFC6020] data models. YANG is used to define 106 the data structures, protocol operations, and notification content 107 used within a NETCONF server. A server that supports a particular 108 YANG module will support client NETCONF operation requests, as 109 indicated by the specific content defined in the YANG module. 111 This document is similar to the Structure of Management Information 112 version 2 (SMIv2) usage guidelines specification [RFC4181] in intent 113 and structure. However, since that document was written a decade 114 after SMIv2 modules had been in use, it was published as a 'Best 115 Current Practice' (BCP). This document is not a BCP, but rather an 116 informational reference, intended to promote consistency in documents 117 containing YANG modules. 119 Many YANG constructs are defined as optional to use, such as the 120 description statement. However, in order to maximize 121 interoperability of NETCONF implementations utilizing YANG data 122 models, it is desirable to define a set of usage guidelines that may 123 require a higher level of compliance than the minimum level defined 124 in the YANG specification. 126 In addition, YANG allows constructs such as infinite length 127 identifiers and string values, or top-level mandatory nodes, that a 128 compliant server is not required to support. Only constructs that 129 all servers are required to support can be used in IETF YANG modules. 131 This document defines usage guidelines related to the NETCONF 132 operations layer and NETCONF content layer, as defined in [RFC6241]. 133 These guidelines are intended to be used by authors and reviewers to 134 improve the readability and interoperability of published YANG data 135 models. 137 2. Terminology 139 2.1. Requirements Notation 141 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 142 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 143 document are to be interpreted as described in [RFC2119]. 145 RFC 2119 language is used here to express the views of the NETMOD 146 working group regarding content for YANG modules. YANG modules 147 complying with this document will treat the RFC 2119 terminology as 148 if it were describing best current practices. 150 2.2. NETCONF Terms 152 The following terms are defined in [RFC6241] and are not redefined 153 here: 155 o capabilities 157 o client 159 o operation 161 o server 163 2.3. YANG Terms 165 The following terms are defined in [RFC6020] and are not redefined 166 here: 168 o data node 170 o module 172 o namespace 174 o submodule 176 o version 178 o YANG 180 o YIN 182 Note that the term 'module' may be used as a generic term for a YANG 183 module or submodule. When describing properties that are specific to 184 submodules, the term 'submodule' is used instead. 186 2.4. Terms 188 The following terms are used throughout this document: 190 o published: A stable release of a module or submodule, usually 191 contained in an RFC. 193 o unpublished: An unstable release of a module or submodule, usually 194 contained in an Internet-Draft. 196 3. General Documentation Guidelines 198 YANG data model modules under review are likely to be contained in 199 Internet-Drafts. All guidelines for Internet-Draft authors MUST be 200 followed. The RFC Editor provides guidelines for authors of RFCs, 201 which are first published as Internet-Drafts. These guidelines 202 should be followed and are defined in [RFC2223] and updated in 203 [RFC5741] and "RFC Document Style" [RFC-STYLE]. 205 The following sections MUST be present in an Internet-Draft 206 containing a module: 208 o Narrative sections 210 o Definitions section 212 o Security Considerations section 214 o IANA Considerations section 216 o References section 218 3.1. Module Copyright 220 The module description statement MUST contain a reference to the 221 latest approved IETF Trust Copyright statement, which is available 222 online at: 224 http://trustee.ietf.org/license-info/ 226 Each YANG module or submodule contained within an Internet-Draft or 227 RFC is considered to be a code component. The strings '' and '' MUST be used to identify each code 229 component. 231 The '' tag SHOULD be followed by a string identifying 232 the file name specified in Section 5.2 of [RFC6020]. The following 233 example is for the '2010-01-18' revision of the 'ietf-foo' module: 235 file "ietf-foo@2010-01-18.yang" 236 module ietf-foo { 237 // ... 238 revision 2010-01-18 { 239 description "Latest revision"; 240 reference "RFC XXXX"; 241 } 242 // ... 243 } 245 247 3.2. Terminology Section 249 A terminology section MUST be present if any terms are defined in the 250 document or if any terms are imported from other documents. 252 If YANG tree diagrams are used, then a sub-section explaining the 253 YANG tree diagram syntax MUST be present, containing the following 254 text: 256 A simplified graphical representation of the data model is used in 257 this document. The meaning of the symbols in these diagrams is as 258 follows: 260 o Brackets "[" and "]" enclose list keys. 262 o Abbreviations before data node names: "rw" means configuration 263 (read-write) and "ro" state data (read-only). 265 o Symbols after data node names: "?" means an optional node and "*" 266 denotes a "list" and "leaf-list". 268 o Parentheses enclose choice and case nodes, and case nodes are 269 also marked with a colon (":"). 271 o Ellipsis ("...") stands for contents of subtrees that are not 272 shown. 274 3.3. Tree Diagrams 276 YANG tree diagrams provide a concise representation of a YANG module, 277 and SHOULD be included to help readers understand YANG module 278 structure. Tree diagrams MAY be split into sections to correspond to 279 document structure. 281 The following example shows a simple YANG tree diagram: 283 +--rw top-level-config-container 284 | +--rw config-list* [key-name] 285 | +--rw key-name string 286 | +--rw optional-parm? string 287 | +--rw mandatory-parm identityref 288 | +--ro read-only-leaf string 289 +--ro top-level-nonconfig-container 290 +--ro nonconfig-list* [name] 291 +--ro name string 292 +--ro type string 294 3.4. Narrative Sections 296 The narrative part MUST include an overview section that describes 297 the scope and field of application of the module(s) defined by the 298 specification and that specifies the relationship (if any) of these 299 modules to other standards, particularly to standards containing 300 other YANG modules. The narrative part SHOULD include one or more 301 sections to briefly describe the structure of the modules defined in 302 the specification. 304 If the module(s) defined by the specification imports definitions 305 from other modules (except for those defined in the [RFC6020] or 306 [RFC6991] documents), or are always implemented in conjunction with 307 other modules, then those facts MUST be noted in the overview 308 section, as MUST be noted any special interpretations of definitions 309 in other modules. 311 3.5. Definitions Section 313 This section contains the module(s) defined by the specification. 314 These modules MUST be written using the YANG syntax defined in 315 [RFC6020]. A YIN syntax version of the module MAY also be present in 316 the document. There MAY also be other types of modules present in 317 the document, such as SMIv2, which are not affected by these 318 guidelines. 320 See Section 4 for guidelines on YANG usage. 322 3.6. Security Considerations Section 324 Each specification that defines one or more modules MUST contain a 325 section that discusses security considerations relevant to those 326 modules. 328 This section MUST be patterned after the latest approved template 329 (available at http://trac.tools.ietf.org/area/ops/trac/wiki/ 330 yang-security-guidelines). Section 6.1 contains the security 331 considerations template dated 2010-06-16. Authors MUST check the 332 webpage at the URL listed above in case there is a more recent 333 version available. 335 In particular: 337 o Writable data nodes that could be especially disruptive if abused 338 MUST be explicitly listed by name and the associated security 339 risks MUST be explained. 341 o Readable data nodes that contain especially sensitive information 342 or that raise significant privacy concerns MUST be explicitly 343 listed by name and the reasons for the sensitivity/privacy 344 concerns MUST be explained. 346 o Operations (i.e., YANG 'rpc' statements) that are potentially 347 harmful to system behavior or that raise significant privacy 348 concerns MUST be explicitly listed by name and the reasons for the 349 sensitivity/privacy concerns MUST be explained. 351 3.7. IANA Considerations Section 353 In order to comply with IESG policy as set forth in 354 http://www.ietf.org/id-info/checklist.html, every Internet-Draft that 355 is submitted to the IESG for publication MUST contain an IANA 356 Considerations section. The requirements for this section vary 357 depending on what actions are required of the IANA. If there are no 358 IANA considerations applicable to the document, then the IANA 359 Considerations section stating that there are no actions is removed 360 by the RFC Editor before publication. Refer to the guidelines in 361 [RFC5226] for more details. 363 3.7.1. Documents that Create a New Namespace 365 If an Internet-Draft defines a new namespace that is to be 366 administered by the IANA, then the document MUST include an IANA 367 Considerations section that specifies how the namespace is to be 368 administered. 370 Specifically, if any YANG module namespace statement value contained 371 in the document is not already registered with IANA, then a new YANG 372 Namespace registry entry MUST be requested from the IANA. The 373 [RFC6020] specification includes the procedure for this purpose in 374 its IANA Considerations section. 376 3.7.2. Documents that Extend an Existing Namespace 378 It is possible to extend an existing namespace using a YANG submodule 379 that belongs to an existing module already administered by IANA. In 380 this case, the document containing the main module MUST be updated to 381 use the latest revision of the submodule. 383 3.8. Reference Sections 385 For every import or include statement that appears in a module 386 contained in the specification, which identifies a module in a 387 separate document, a corresponding normative reference to that 388 document MUST appear in the Normative References section. The 389 reference MUST correspond to the specific module version actually 390 used within the specification. 392 For every normative reference statement that appears in a module 393 contained in the specification, which identifies a separate document, 394 a corresponding normative reference to that document SHOULD appear in 395 the Normative References section. The reference SHOULD correspond to 396 the specific document version actually used within the specification. 397 If the reference statement identifies an informative reference, which 398 identifies a separate document, a corresponding informative reference 399 to that document MAY appear in the Informative References section. 401 4. YANG Usage Guidelines 403 In general, modules in IETF Standards Track specifications MUST 404 comply with all syntactic and semantic requirements of YANG 405 [RFC6020]. The guidelines in this section are intended to supplement 406 the YANG specification, which is intended to define a minimum set of 407 conformance requirements. 409 In order to promote interoperability and establish a set of practices 410 based on previous experience, the following sections establish usage 411 guidelines for specific YANG constructs. 413 Only guidelines that clarify or restrict the minimum conformance 414 requirements are included here. 416 4.1. Module Naming Conventions 418 Modules contained in Standards Track documents SHOULD be named 419 according to the guidelines in the IANA Considerations section of 420 [RFC6020]. 422 A distinctive word or acronym (e.g., protocol name or working group 423 acronym) SHOULD be used in the module name. If new definitions are 424 being defined to extend one or more existing modules, then the same 425 word or acronym should be reused, instead of creating a new one. 427 All published module names MUST be unique. For a YANG module 428 published in an RFC, this uniqueness is guaranteed by IANA. For 429 unpublished modules, the authors need to check that no other work in 430 progress is using the same module name. 432 Once a module name is published, it MUST NOT be reused, even if the 433 RFC containing the module is reclassified to 'Historic' status. 435 4.2. Identifiers 437 Identifiers for all YANG identifiers in published modules MUST be 438 between 1 and 64 characters in length. These include any construct 439 specified as an 'identifier-arg-str' token in the ABNF in Section 12 440 of [RFC6020]. 442 4.3. Defaults 444 In general, it is suggested that substatements containing very common 445 default values SHOULD NOT be present. The following substatements 446 are commonly used with the default value, which would make the module 447 difficult to read if used everywhere they are allowed. 449 +--------------+---------------+ 450 | Statement | Default Value | 451 +--------------+---------------+ 452 | config | true | 453 | mandatory | false | 454 | max-elements | unbounded | 455 | min-elements | 0 | 456 | ordered-by | system | 457 | status | current | 458 | yin-element | false | 459 +--------------+---------------+ 461 Statement Defaults 463 4.4. Conditional Statements 465 A module may be conceptually partitioned in several ways, using the 466 'if-feature' and/or 'when' statements. 468 Data model designers need to carefully consider all modularity 469 aspects, including the use of YANG conditional statements. 471 If a data definition is optional, depending on server support for a 472 NETCONF protocol capability, then a YANG 'feature' statement SHOULD 473 be defined to indicate that the NETCONF capability is supported 474 within the data model. 476 If any notification data, or any data definition, for a non- 477 configuration data node is not mandatory, then the server may or may 478 not be required to return an instance of this data node. If any 479 conditional requirements exist for returning the data node in a 480 notification payload or retrieval request, they MUST be documented 481 somewhere. For example, a 'when' or 'if-feature' statement could 482 apply to the data node, or the conditional requirements could be 483 explained in a 'description' statement within the data node or one of 484 its ancestors (if any). 486 4.5. XPath Usage 488 This section describes guidelines for using the XML Path Language 489 [W3C.REC-xpath-19991116] (XPath) within YANG modules. 491 The 'attribute' and 'namespace' axes are not supported in YANG, and 492 MAY be empty in a NETCONF server implementation. 494 The 'position' and 'last' functions SHOULD NOT be used. This applies 495 to implicit use of the 'position' function as well (e.g., 496 '//chapter[42]'). A server is only required to maintain the relative 497 XML document order of all instances of a particular user-ordered list 498 or leaf-list. The 'position' and 'last' functions MAY be used if 499 they are evaluated in a context where the context node is a user- 500 ordered 'list' or 'leaf-list'. 502 The 'preceding', and 'following' axes SHOULD NOT be used. These 503 constructs rely on XML document order within a NETCONF server 504 configuration database, which may not be supported consistently or 505 produce reliable results across implementations. Predicate 506 expressions based on static node properties (e.g., element name or 507 value, 'ancestor' or 'descendant' axes) SHOULD be used instead. The 508 'preceding' and 'following' axes MAY be used if document order is not 509 relevant to the outcome of the expression (e.g., check for global 510 uniqueness of a parameter value). 512 The 'preceding-sibling' and 'following-sibling' axes SHOULD NOT used. 514 A server is only required to maintain the relative XML document order 515 of all instances of a particular user-ordered list or leaf-list. The 516 'preceding-sibling' and 'following-sibling' axes MAY be used if they 517 are evaluated in a context where the context node is a user-ordered 518 'list' or 'leaf-list'. 520 Data nodes that use the 'int64' and 'uint64' built-in type SHOULD NOT 521 be used within numeric expressions. There are boundary conditions in 522 which the translation from the YANG 64-bit type to an XPath number 523 can cause incorrect results. Specifically, an XPath 'double' 524 precision floating point number cannot represent very large positive 525 or negative 64-bit numbers because it only provides a total precision 526 of 53 bits. The 'int64' and 'uint64' data types MAY be used in 527 numeric expressions if the value can be represented with no more than 528 53 bits of precision. 530 Data modelers need to be careful not to confuse the YANG value space 531 and the XPath value space. The data types are not the same in both, 532 and conversion between YANG and XPath data types SHOULD be considered 533 carefully. 535 Explicit XPath data type conversions MAY be used (e.g., 'string', 536 'boolean', or 'number' functions), instead of implicit XPath data 537 type conversions. 539 XPath expressions that contain a literal value representing a YANG 540 identity SHOULD always include the declared prefix of the module 541 where the identity is defined. 543 XPath expressions for 'when' statements MUST NOT reference the 544 context node or any descendant nodes of the context node. 546 4.6. Lifecycle Management 548 The status statement MUST be present if its value is 'deprecated' or 549 'obsolete'. 551 The module or submodule name MUST NOT be changed, once the document 552 containing the module or submodule is published. 554 The module namespace URI value MUST NOT be changed, once the document 555 containing the module is published. 557 The revision-date substatement within the imports statement SHOULD be 558 present if any groupings are used from the external module. 560 The revision-date substatement within the include statement SHOULD be 561 present if any groupings are used from the external submodule. 563 If submodules are used, then the document containing the main module 564 MUST be updated so that the main module revision date is equal or 565 more recent than the revision date of any submodule that is (directly 566 or indirectly) included by the main module. 568 4.7. Module Header, Meta, and Revision Statements 570 For published modules, the namespace MUST be a globally unique URI, 571 as defined in [RFC3986]. This value is usually assigned by the IANA. 573 The organization statement MUST be present. If the module is 574 contained in a document intended for Standards Track status, then the 575 organization SHOULD be the IETF working group chartered to write the 576 document. 578 The contact statement MUST be present. If the module is contained in 579 a document intended for Standards Track status, then the working 580 group web and mailing information MUST be present, and the main 581 document author or editor contact information SHOULD be present. If 582 additional authors or editors exist, their contact information MAY be 583 present. In addition, the Area Director and other contact 584 information MAY be present. 586 The description statement MUST be present. The appropriate IETF 587 Trust Copyright text MUST be present, as described in Section 3.1. 589 If the module relies on information contained in other documents, 590 which are not the same documents implied by the import statements 591 present in the module, then these documents MUST be identified in the 592 reference statement. 594 A revision statement MUST be present for each published version of 595 the module. The revision statement MUST have a reference 596 substatement. It MUST identify the published document that contains 597 the module. Modules are often extracted from their original 598 documents, and it is useful for developers and operators to know how 599 to find the original source document in a consistent manner. The 600 revision statement MAY have a description substatement. 602 Each new revision MUST include a revision date that is higher than 603 any other revision date in the module. The revision date does not 604 need to be updated if the module contents do not change in the new 605 document revision. 607 It is acceptable to reuse the same revision statement within 608 unpublished versions (i.e., Internet-Drafts), but the revision date 609 MUST be updated to a higher value each time the Internet-Draft is re- 610 posted. 612 4.8. Namespace Assignments 614 It is RECOMMENDED that only valid YANG modules be included in 615 documents, whether or not they are published yet. This allows: 617 o the module to compile correctly instead of generating disruptive 618 fatal errors. 620 o early implementors to use the modules without picking a random 621 value for the XML namespace. 623 o early interoperability testing since independent implementations 624 will use the same XML namespace value. 626 Until a URI is assigned by the IANA, a proposed namespace URI MUST be 627 provided for the namespace statement in a YANG module. A value 628 SHOULD be selected that is not likely to collide with other YANG 629 namespaces. Standard module names, prefixes, and URI strings already 630 listed in the YANG Module Registry MUST NOT be used. 632 A standard namespace statement value SHOULD have the following form: 634 : 636 The following URN prefix string SHOULD be used for published and 637 unpublished YANG modules: 639 urn:ietf:params:xml:ns:yang: 641 The following example URNs would be valid temporary namespace 642 statement values for Standards Track modules: 644 urn:ietf:params:xml:ns:yang:ietf-netconf-partial-lock 646 urn:ietf:params:xml:ns:yang:ietf-netconf-state 648 urn:ietf:params:xml:ns:yang:ietf-netconf 650 Note that a different URN prefix string SHOULD be used for non- 651 Standards-Track modules. The string SHOULD be selected according to 652 the guidelines in [RFC6020]. 654 The following examples of non-Standards-Track modules are only 655 suggestions. There are no guidelines for this type of URN in this 656 document: 658 http://example.com/ns/example-interfaces 660 http://example.com/ns/example-system 662 4.9. Top-Level Data Definitions 664 The top-level data organization SHOULD be considered carefully, in 665 advance. Data model designers need to consider how the functionality 666 for a given protocol or protocol family will grow over time. 668 The separation of configuration data and operational state SHOULD be 669 considered carefully. It is often useful to define separate top- 670 level containers for configuration and non-configuration data. There 671 SHOULD only be one top-level data node defined in each YANG module 672 for all configuration data nodes, if any configuration data nodes are 673 defined at all. There MAY be one top-level data node defined in each 674 YANG module for all non-configuration data nodes, if any non- 675 configuration data nodes are defined at all. 677 The names and data organization SHOULD reflect persistent 678 information, such as the name of a protocol. The name of the working 679 group SHOULD NOT be used because this may change over time. 681 A mandatory database data definition is defined as a node that a 682 client must provide for the database to be valid. The server is not 683 required to provide a value. 685 Top-level database data definitions MUST NOT be mandatory. If a 686 mandatory node appears at the top level, it will immediately cause 687 the database to be invalid. This can occur when the server boots or 688 when a module is loaded dynamically at runtime. 690 4.10. Data Types 692 Selection of an appropriate data type (i.e., built-in type, existing 693 derived type, or new derived type) is very subjective, and therefore 694 few requirements can be specified on that subject. 696 Data model designers SHOULD use the most appropriate built-in data 697 type for the particular application. 699 If extensibility of enumerated values is required, then the 700 'identityref' data type SHOULD be used instead of an enumeration or 701 other built-in type. 703 For string data types, if a machine-readable pattern can be defined 704 for the desired semantics, then one or more pattern statements SHOULD 705 be present. 707 For string data types, if the length of the string is required to be 708 bounded in all implementations, then a length statement MUST be 709 present. 711 For numeric data types, if the values allowed by the intended 712 semantics are different than those allowed by the unbounded intrinsic 713 data type (e.g., 'int32'), then a range statement SHOULD be present. 715 The signed numeric data types (i.e., 'int8', 'int16', 'int32', and 716 'int64') SHOULD NOT be used unless negative values are allowed for 717 the desired semantics. 719 For 'enumeration' or 'bits' data types, the semantics for each 'enum' 720 or 'bit' SHOULD be documented. A separate description statement 721 (within each 'enum' or 'bit' statement) SHOULD be present. 723 4.11. Reusable Type Definitions 725 If an appropriate derived type exists in any standard module, such as 726 [RFC6991], then it SHOULD be used instead of defining a new derived 727 type. 729 If an appropriate units identifier can be associated with the desired 730 semantics, then a units statement SHOULD be present. 732 If an appropriate default value can be associated with the desired 733 semantics, then a default statement SHOULD be present. 735 If a significant number of derived types are defined, and it is 736 anticipated that these data types will be reused by multiple modules, 737 then these derived types SHOULD be contained in a separate module or 738 submodule, to allow easier reuse without unnecessary coupling. 740 The description statement MUST be present. 742 If the type definition semantics are defined in an external document 743 (other than another YANG module indicated by an import statement), 744 then the reference statement MUST be present. 746 4.12. Data Definitions 748 The description statement MUST be present in the following YANG 749 statements: 751 o anyxml 753 o augment 755 o choice 757 o container 759 o extension 761 o feature 763 o grouping 765 o identity 767 o leaf 769 o leaf-list 771 o list 773 o notification 775 o rpc 777 o typedef 779 If the data definition semantics are defined in an external document, 780 (other than another YANG module indicated by an import statement), 781 then a reference statement MUST be present. 783 The 'anyxml' construct may be useful to represent an HTML banner 784 containing markup elements, such as '<b>' and '</b>', and 785 MAY be used in such cases. However, this construct SHOULD NOT be 786 used if other YANG data node types can be used instead to represent 787 the desired syntax and semantics. 789 If there are referential integrity constraints associated with the 790 desired semantics that can be represented with XPath, then one or 791 more 'must' statements SHOULD be present. 793 For list and leaf-list data definitions, if the number of possible 794 instances is required to be bounded for all implementations, then the 795 max-elements statements SHOULD be present. 797 If any 'must' or 'when' statements are used within the data 798 definition, then the data definition description statement SHOULD 799 describe the purpose of each one. 801 4.13. Operation Definitions 803 If the operation semantics are defined in an external document (other 804 than another YANG module indicated by an import statement), then a 805 reference statement MUST be present. 807 If the operation impacts system behavior in some way, it SHOULD be 808 mentioned in the description statement. 810 If the operation is potentially harmful to system behavior in some 811 way, it MUST be mentioned in the Security Considerations section of 812 the document. 814 4.14. Notification Definitions 816 The description statement MUST be present. 818 If the notification semantics are defined in an external document 819 (other than another YANG module indicated by an import statement), 820 then a reference statement MUST be present. 822 5. IANA Considerations 824 This document registers one URI in the IETF XML registry [RFC3688]. 826 The following registration has been made: 828 URI: urn:ietf:params:xml:ns:yang:ietf-template 830 Registrant Contact: The NETMOD WG of the IETF. 832 XML: N/A, the requested URI is an XML namespace. 834 Per this document, the following assignment has been made in the YANG 835 Module Names Registry for the YANG module template in Appendix B. 837 +-----------+-------------------------------------------+ 838 | Field | Value | 839 +-----------+-------------------------------------------+ 840 | Name | ietf-template | 841 | Namespace | urn:ietf:params:xml:ns:yang:ietf-template | 842 | Prefix | temp | 843 | Reference | RFC XXXX | 844 +-----------+-------------------------------------------+ 846 YANG Registry Assignment 848 6. Security Considerations 850 This document defines documentation guidelines for NETCONF content 851 defined with the YANG data modeling language. The guidelines for how 852 to write a Security Considerations section for a YANG module are 853 defined in the online document 855 http://trac.tools.ietf.org/area/ops/trac/wiki/ 856 yang-security-guidelines 858 This document does not introduce any new or increased security risks 859 into the management system. 861 The following section contains the security considerations template 862 dated 2010-06-16. Be sure to check the webpage at the URL listed 863 above in case there is a more recent version available. 865 Each specification that defines one or more YANG modules MUST contain 866 a section that discusses security considerations relevant to those 867 modules. This section MUST be patterned after the latest approved 868 template (available at 870 http://www.ops.ietf.org/netconf/yang-security-considerations.txt). 872 In particular, writable data nodes that could be especially 873 disruptive if abused MUST be explicitly listed by name and the 874 associated security risks MUST be spelled out. 876 Similarly, readable data nodes that contain especially sensitive 877 information or that raise significant privacy concerns MUST be 878 explicitly listed by name and the reasons for the sensitivity/privacy 879 concerns MUST be explained. 881 Further, if new RPC operations have been defined, then the security 882 considerations of each new RPC operation MUST be explained. 884 6.1. Security Considerations Section Template 886 X. Security Considerations 888 The YANG module defined in this memo is designed to be accessed via 889 the NETCONF protocol [RFC6241]. The lowest NETCONF layer is the 890 secure transport layer and the mandatory-to-implement secure 891 transport is SSH [RFC6242]. 893 -- if you have any writable data nodes (those are all the 894 -- "config true" nodes, and remember, that is the default) 895 -- describe their specific sensitivity or vulnerability. 897 There are a number of data nodes defined in this YANG module which 898 are writable/creatable/deletable (i.e., config true, which is the 899 default). These data nodes may be considered sensitive or vulnerable 900 in some network environments. Write operations (e.g., edit-config) 901 to these data nodes without proper protection can have a negative 902 effect on network operations. These are the subtrees and data nodes 903 and their sensitivity/vulnerability: 905 907 -- for all YANG modules you must evaluate whether any readable data 908 -- nodes (those are all the "config false" nodes, but also all other 909 -- nodes, because they can also be read via operations like get or 910 -- get-config) are sensitive or vulnerable (for instance, if they 911 -- might reveal customer information or violate personal privacy 912 -- laws such as those of the European Union if exposed to 913 -- unauthorized parties) 915 Some of the readable data nodes in this YANG module may be considered 916 sensitive or vulnerable in some network environments. It is thus 917 important to control read access (e.g., via get, get-config, or 918 notification) to these data nodes. These are the subtrees and data 919 nodes and their sensitivity/vulnerability: 921 923 -- if your YANG module has defined any rpc operations 924 -- describe their specific sensitivity or vulnerability. 926 Some of the RPC operations in this YANG module may be considered 927 sensitive or vulnerable in some network environments. It is thus 928 important to control access to these operations. These are the 929 operations and their sensitivity/vulnerability: 931 933 7. Acknowledgments 935 The structure and contents of this document are adapted from 936 [RFC4181], guidelines for MIB Documents, by C. M. Heard. 938 The working group thanks Martin Bjorklund, Juergen Schoenwaelder, and 939 Ladislav Lhotka for their extensive reviews and contributions to this 940 document. 942 8. Changes Since RFC 6087 944 The following changes have been made to the guidelines published in 945 [RFC6087]: 947 o Updated NETCONF reference from RFC 4741 to RFC 6241 949 o Updated NETCONF over SSH citation from RFC 4742 to RFC 6242 951 o Updated YANG Types reference from RFC 6021 to RFC 6991 953 o Updated obsolete URLs for IETF resources 955 o Changed top-level data node guideline 957 o Clarified XPath usage for a literal value representing a YANG 958 identity 960 o Clarified XPath usage for a when-stmt 962 o Added terminology guidelines 964 o Added YANG tree diagram guideline 966 9. References 968 9.1. Normative References 970 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 971 Requirement Levels", BCP 14, RFC 2119, March 1997. 973 [RFC2223] Postel, J. and J. Reynolds, "Instructions to RFC Authors", 974 RFC 2223, October 1997. 976 [RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, 977 January 2004. 979 [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform 980 Resource Identifier (URI): Generic Syntax", STD 66, 981 RFC 3986, January 2005. 983 [RFC5378] Bradner, S. and J. Contreras, "Rights Contributors Provide 984 to the IETF Trust", BCP 78, RFC 5378, November 2008. 986 [RFC5741] Daigle, L., Kolkman, O., and IAB, "RFC Streams, Headers, 987 and Boilerplates", RFC 5741, December 2009. 989 [RFC6020] Bjorklund, M., "YANG - A Data Modeling Language for the 990 Network Configuration Protocol (NETCONF)", RFC 6020, 991 October 2010. 993 [RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed., 994 and A. Bierman, Ed., "Network Configuration Protocol 995 (NETCONF)", RFC 6241, June 2011. 997 [RFC6991] Schoenwaelder, J., "Common YANG Data Types", RFC 6991, 998 July 2013. 1000 [W3C.REC-xpath-19991116] 1001 Clark, J. and S. DeRose, "XML Path Language (XPath) 1002 Version 1.0", World Wide Web Consortium 1003 Recommendation REC-xpath-19991116, November 1999, 1004 . 1006 9.2. Informative References 1008 [RFC-STYLE] 1009 Braden, R., Ginoza, S., and A. Hagens, "RFC Document 1010 Style", September 2009, 1011 . 1013 [RFC4181] Heard, C., "Guidelines for Authors and Reviewers of MIB 1014 Documents", BCP 111, RFC 4181, September 2005. 1016 [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an 1017 IANA Considerations Section in RFCs", BCP 26, RFC 5226, 1018 May 2008. 1020 [RFC6087] Bierman, A., "Guidelines for Authors and Reviewers of YANG 1021 Data Model Documents", RFC 6087, January 2011. 1023 Appendix A. Module Review Checklist 1025 This section is adapted from RFC 4181. 1027 The purpose of a YANG module review is to review the YANG module both 1028 for technical correctness and for adherence to IETF documentation 1029 requirements. The following checklist may be helpful when reviewing 1030 an Internet-Draft: 1032 o I-D Boilerplate -- verify that the draft contains the required 1033 Internet-Draft boilerplate (see 1034 http://www.ietf.org/id-info/guidelines.html), including the 1035 appropriate statement to permit publication as an RFC, and that 1036 I-D boilerplate does not contain references or section numbers. 1038 o Abstract -- verify that the abstract does not contain references, 1039 that it does not have a section number, and that its content 1040 follows the guidelines in 1041 http://www.ietf.org/id-info/guidelines.html. 1043 o Copyright Notice -- verify that the draft has the appropriate text 1044 regarding the rights that document contributers provide to the 1045 IETF Trust [RFC5378]. Verify that it contains the full IETF Trust 1046 copyright notice at the beginning of the document. The IETF Trust 1047 Legal Provisions (TLP) can be found at: 1049 http://trustee.ietf.org/license-info/ 1051 o Security Considerations section -- verify that the draft uses the 1052 latest approved template from the OPS area website (http:// 1053 trac.tools.ietf.org/area/ops/trac/wiki/yang-security-guidelines) 1054 and that the guidelines therein have been followed. 1056 o IANA Considerations section -- this section must always be 1057 present. For each module within the document, ensure that the 1058 IANA Considerations section contains entries for the following 1059 IANA registries: 1061 XML Namespace Registry: Register the YANG module namespace. 1063 YANG Module Registry: Register the YANG module name, prefix, 1064 namespace, and RFC number, according to the rules specified 1065 in [RFC6020]. 1067 o References -- verify that the references are properly divided 1068 between normative and informative references, that RFC 2119 is 1069 included as a normative reference if the terminology defined 1070 therein is used in the document, that all references required by 1071 the boilerplate are present, that all YANG modules containing 1072 imported items are cited as normative references, and that all 1073 citations point to the most current RFCs unless there is a valid 1074 reason to do otherwise (for example, it is OK to include an 1075 informative reference to a previous version of a specification to 1076 help explain a feature included for backward compatibility). Be 1077 sure citations for all imported modules are present somewhere in 1078 the document text (outside the YANG module). 1080 o License -- verify that the draft contains the Simplified BSD 1081 License in each YANG module or submodule. Some guidelines related 1082 to this requirement are described in Section 3.1. Make sure that 1083 the correct year is used in all copyright dates. Use the approved 1084 text from the latest Trust Legal Provisions (TLP) document, which 1085 can be found at: 1087 http://trustee.ietf.org/license-info/ 1089 o Other Issues -- check for any issues mentioned in 1090 http://www.ietf.org/id-info/checklist.html that are not covered 1091 elsewhere. 1093 o Technical Content -- review the actual technical content for 1094 compliance with the guidelines in this document. The use of a 1095 YANG module compiler is recommended when checking for syntax 1096 errors. A list of freely available tools and other information 1097 can be found at: 1099 http://trac.tools.ietf.org/wg/netconf/trac/wiki 1101 Checking for correct syntax, however, is only part of the job. 1102 It is just as important to actually read the YANG module document 1103 from the point of view of a potential implementor. It is 1104 particularly important to check that description statements are 1105 sufficiently clear and unambiguous to allow interoperable 1106 implementations to be created. 1108 Appendix B. YANG Module Template 1110 file "ietf-template@2010-05-18.yang" 1112 module ietf-template { 1114 // replace this string with a unique namespace URN value 1115 namespace 1116 "urn:ietf:params:xml:ns:yang:ietf-template"; 1118 // replace this string, and try to pick a unique prefix 1119 prefix "temp"; 1121 // import statements here: e.g., 1122 // import ietf-yang-types { prefix yang; } 1123 // import ietf-inet-types { prefix inet; } 1125 // identify the IETF working group if applicable 1126 organization 1127 "IETF NETMOD (NETCONF Data Modeling Language) Working Group"; 1129 // update this contact statement with your info 1130 contact 1131 "WG Web: 1132 WG List: 1134 WG Chair: your-WG-chair 1135 1137 Editor: your-name 1138 "; 1140 // replace the first sentence in this description statement. 1141 // replace the copyright notice with the most recent 1142 // version, if it has been updated since the publication 1143 // of this document 1144 description 1145 "This module defines a template for other YANG modules. 1147 Copyright (c) IETF Trust and the persons 1148 identified as authors of the code. All rights reserved. 1150 Redistribution and use in source and binary forms, with or 1151 without modification, is permitted pursuant to, and subject 1152 to the license terms contained in, the Simplified BSD License 1153 set forth in Section 4.c of the IETF Trust's Legal Provisions 1154 Relating to IETF Documents 1155 (http://trustee.ietf.org/license-info). 1157 This version of this YANG module is part of RFC XXXX; see 1158 the RFC itself for full legal notices."; 1160 // RFC Ed.: replace XXXX with actual RFC number and remove 1161 // this note 1163 reference "RFC XXXX"; 1165 // RFC Ed.: remove this note 1166 // Note: extracted from RFC XXXX 1168 // replace '2010-05-18' with the module publication date 1169 // The format is (year-month-day) 1170 revision "2010-05-18" { 1171 description 1172 "Initial version"; 1173 } 1175 // extension statements 1177 // feature statements 1179 // identity statements 1181 // typedef statements 1183 // grouping statements 1185 // data definition statements 1187 // augment statements 1189 // rpc statements 1191 // notification statements 1193 // DO NOT put deviation statements in a published module 1195 } 1197 1199 Author's Address 1201 Andy Bierman 1202 YumaWorks 1204 Email: andy@yumaworks.com